Antivirus Exclusions for Veeam Agent for Microsoft Windows

Purpose This article documents antivirus exclusions that may be created to reduce the impact that antivirus software has on the functionality of Veeam Agent for Microsoft Windows. These antivirus exclusions may be applied to the Windows built-in antivirus or third-party antivirus software. Note:...

Coremail官网SQL注入可读全库

简要描述： coremail官网存在注入，有防护，可绕过。 详细说明： 漏洞地址：http://www.coremail.cn/gjzc2/list117.aspx?lcid=412 漏洞证明： 有防护，直接用sqlmap加个tamper=chardoubleencode.py可以跑出来。 这个是sqlmap用的payload： Place: GET Parameter: lcid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: lcid=412 AND...

某通用型政府建站系统SQL注入

简要描述： RT 详细说明： 山东农友软件公司官网:http://www.nongyou.com.cn/ 案例如下: http://222.135.127.190:7000/gov/SearchInfoSum.aspx?keyword= http://221.2.171.59:8000/gov/SearchInfoSum.aspx?keyword= http://222.135.109.70:8100/gov/SearchInfoSum.aspx?keyword= http://61.133.119.187:8089/gov/SearchInfoSum.aspx?keyword=...

某通用教育网站程序SQL注入漏洞

简要描述： 某通用教育网站程序SQL注入漏洞 详细说明： 使用量非常多 http://www.dlwsxx.com/ws2004/model/login1.asp http://www.fzjcxx.cn/ws2004/model/login1.asp http://www.nxyancgjzx.com/ws2004/model/login1.asp http://www.sgtjb.com/ws2004/model/login1.asp http://www.sdwhys.com/ws2004/model/login1.asp...

Restoring Encrypted Databases with Veeam Explorer for Microsoft SQL Server

Challenge Restoring an encrypted database with Veeam Explorer for Microsoft SQL Server fails with one of the following errors: Cannot find server certificate with thumbprint '' Transparent Data Encryption is not available in the edition of this SQL Server instance. You are unable to check "Perfor...

博云非书论文管理系统存在通用型SQL注入

简要描述： 论文管理系统存在通用型SQL注入 详细说明： 注入点：dbid和docid 搜索关键字：inurl:/docinfo.action?dbid= http://202.195.136.150/docinfo.action?dbid=72&docid=40824 http://202.199.163.37/docinfo.action?dbid=72&docid=40619 http://paper.buaalib.com/docinfo.action?dbid=72&docid=5793...

博云非书资料管理系统存在通用型SQL注入

简要描述： 某非书资料管理系统存在通用型SQL注入 详细说明： 注入点ISBN http://202.206.242.26:88/poweb/requestiso.do?status=insert&METAID=7578&PropertyID=&ISBN=7-112-06320-5&SSH= http://202.197.107.11:8080/poweb/requestiso.do?status=insert&METAID=7578&PropertyID=&ISBN=7-112-06320-5&SSH=...

某政府系统一处越权+一处SQL注入

简要描述： RT 详细说明： 山东农友软件公司官网:http://www.nongyou.com.cn/ 越权案例如下： http://221.2.149.47:8100/jubao/left.aspx http://222.135.109.70:8100/jubao/left.aspx http://123.134.189.60:8012/jubao/left.aspx http://218.56.40.229:8020/jubao/left.aspx http://222.135.127.190:7000/jubao/left.aspx 2.一处越权注入：...

ObSecure ObSecure360 Unauthenticated SQL Injection

ObSecure ObSecure360 Unauthenticated SQL Injection Vulnerability Release Date: 23-Dec-2014 Software: ObSecure 360 http://obsecure.com.au/Solutions.html "obsecure is an innovative cyber security software company that provides high security information distribution and transfer solutions that take...

用友某分战SQL注入第五弹

简要描述： 又来一发。。 详细说明： 注入URL： http://u9service.yonyou.com/servicehome/kmview.aspx?postid=ZS20100530204 sqlmap/1.0-dev - automatic SQL injection and database takeover tool http://sqlmap.org ! legal disclaimer: Usage of sqlmap for attacking targets without prior mutu consent is illegal. It is the end...

用友某废弃站点存在SQL注入

简要描述： 晚上无聊,看看公司的网站有什么漏洞,哈哈,果然无意间又发现了一枚. 上一次提交公司的漏洞：http://www.wooyun.org/bugs/wooyun-2014-084920 为什么RANK一直没补啊，漏洞也不再我的列表下？ @疯狗 @xsser 详细说明： 存在地址:http://125.35.5.234:81/ ping dbmservice.yonyou.com 感觉是很老的站点,于是乎,在登录账号的时候输入了',果不其然,发现有注入 构造下URL:http://125.35.5.234:81/checkuser.asp?loginname=admin&pwd=1...

某管理系统通用型SQL注入

简要描述： 某管理系统通用型SQL注入 详细说明： 厂商：南京苏亚星资讯科技开发有限公司 资源库管理系统 搜索引擎关键字：帮助 正在读取数据... 注册用户 系统用户 用户名: 密码: 南京苏亚星资讯科技开发 有一部分是内网使用，好不容易找到5个案例。...

Microsoft SQL Server Multiple Vulnerabilities (MS14-044)

Microsoft SQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft SQL Server SQLi Escalate Execute AS

This module can be used escalate privileges if the IMPERSONATION privilege has been assigned to the user via error based SQL injection. In most cases, this results in additional data access, but in some cases it can be used to gain sysadmin privileges. The syntax for injection URLs is:...

Microsoft SQL Server Escalate EXECUTE AS

This module can be used escalate privileges if the IMPERSONATION privilege has been assigned to the user. In most cases, this results in additional data access, but in some cases it can be used to gain sysadmin privileges. This module requires Metasploit: https://metasploit.com/download Current...

某通用型校园校务系统SQL注入

简要描述： boom!!! 详细说明： 厂商：南京苏亚星资讯科技开发有限公司 校务系统输入任意用户名、密码，点击登录，报错的url存在注入漏洞 搜索引擎的案例如下： ErrorCode参数存在注入 http://www.sdwhys.com/SM2005/public/asp/ErrorMsg/ShowError.asp?ErrorCode=30004 http://www.zjnksyzx.com:8801/SM2005/public/asp/ErrorMsg/ShowError.asp?ErrorCode=30004...

ClassApps SelectSurvey.net - Multiple SQL Injection Vulnerabilities

No description provided by source. Exploit Title: Multiple SQL Injection Vulnerabilities in SelectSurvey.net Google Dork: intitle:SelectSurvey Date: Sep 03 2014 Vendor Homepage: https://www.classapps.com/ Software Link: https://www.classapps.com/SelectSurveyNETOverview.asp Version: 4.124.004 Test...

Microsoft SQL Server Escalate Db_Owner

This module can be used to escalate privileges to sysadmin if the user has the dbowner role in a trustworthy database owned by a sysadmin user. Once the user has the sysadmin role the msssqlpayload module can be used to obtain a shell on the system. This module requires Metasploit:...

万户OA 无条件sql注入

简要描述： sql注入,您要跑出数据证明,那我就给你跑出数据的图,说了 延时注入时间较慢.不知道为什么 您不信呢. 详细说明： 问题处在WorkflowCommonAction acton 参数没有过滤 漏洞证明： -u "http://119.254.81.197:7001/defaultroot/WorkflowCommonAction.do?curActivityId=1&flag=back" --dbms="Microsoft SQL Server" --dbs...

某学校综合管理平台OAsql注入漏洞(影响大量学校)

简要描述： 前台走一走 详细说明： 问题厂商：上海安脉计算机科技有限公司 谷歌百度：版权所有：上海安脉计算机科技有限公司 大量学校使用该系统 管理平台没发现漏洞，但是这套系统附带一套oa系统 /anmai/oa/adduser.aspx 在密码出现sql注入 只能手工不好利用 但是 这有个用户修改 只需添加参数id /anmai/oa/adduser.aspx?id=1 （id存在注入） 以该公司demo为例 http://www.anmai.net/anmai/oa/adduser.aspx?id=1 Place: GET Parameter: id Type: error-based...