Lucene search

1294 matches found

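seebug.org
added 2014/06/26 12:0 a.m., 24 views

Yonyou Software Co., Ltd. Distribution and Retail Industry Division POST injection

Brief description: A POST injection exists at a point in the Distribution and Retail Industry Division subsite of Yonyou Software, with SA privileges. Only identifying the problem, not going deeper, not doing harm. Details: http://soft-sk.yonyou.com/service/jszc.jsp URL asktypeid=---injection point---&enddate=JyI%3d&prikey=1&startdate=01/01/1967&Submit=%b2%e9%d1%af POST data Proof of vulnerability: web application technology: JSP back-end DBMS: Microsoft SQL Server 2008 current user: 'sa'...

7.5 AI score
Exploits 0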
seebug.org
added 2014/06/04 12:0 a.m., 31 views

SQL injection in a Yonyou general-purpose system

Brief description: Injection in a Yonyou general-purpose system. Details: Yonyou TurboCRM has a generic SQL injection http://www.qinyuancrm.com/login/forgetpswd.php?orgcode=1&loginname=dsdfsfds The loginname parameter has an MSSQL time-based blind injection Place: GET Parameter: loginname Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: orgcode=1&loginname=dsdfsfds';...

7.6 AI score
Exploits 0
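seebug.org
added 2014/05/20 12:0 a.m., 19 views

Dahan Bantong (大汉版通) government information disclosure system SQL injection 2

Brief description: SQL Details: Government information disclosure system, SQL injection vulnerability at a certain point, in a parameter in another file. Injection point: zfxxgk/serviceobjectinfo.jsp?servicebm= The servicebm parameter is not strictly filtered, so injection is possible. Government website example: sqlmap.py -u "http://xxgk.sihong.gov.cn/zfxxgk/serviceobjectinfo.jsp?s ervicebm=" --is-dba --dbs --- Place: GET Parameter: servicebm Type: boolean-based blind Title: AND boolean-based...

7.5 AI score
Exploits 0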
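seebug.org
added 2014/05/19 12:0 a.m., 35 views

Dahan Bantong (大汉版通) government information disclosure system SQL injection

Brief description: Government information disclosure system. Details: Government information disclosure system, SQL injection vulnerability at a certain point. Injection point: zfxxgk/subjectinfo.jsp?subjectbm= The subjectbm parameter is not strictly filtered, which leads to injection. Government website example: sqlmap.py -u "http://xxgk.sihong.gov.cn/zfxxgk/subjectinfo.jsp?subjectbm=" --is-dba --dbs payload Place: GET Parameter: subjectbm Type: boolean-based blind Title: AND boolean-based blind -...

7.5 AI score
Exploits 0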
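seebug.org
added 2014/03/25 12:0 a.m., 1120 views

SQL injection vulnerability in the Qiangzhi Technology (强智科技) academic affairs system hits multiple schools……

Brief description: The Qiangzhi Technology academic affairs system has an SQL injection vulnerability, and multiple schools are hit…… Details: This counts as a CMS, right? Affected schools and injection points: Hunan University of Commerce: http://jwgl.hnuc.edu.cn/Public/ShowGGTZ.asp?GGTZID=317 [here] Beijing City University: http://114.255.66.248/jiaowu/Public/ShowGGTZ.asp?GGTZID=218 [here] Jiaozuo University: http://jw.jzu.cn/jiaowu/Public/ShowGGTZ.asp?GGTZID=1155 [here]...

7.5 AI score
Exploits 0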
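seebug.org
added 2014/03/07 12:0 a.m., 31 views

Netvolution 'm' parameter SQL injection vulnerability

Bugtraq ID:65942 Netvolution is a web-based content management software. Netvolution does not properly filter user-submitted 'm' parameter data, allowing remote attackers to exploit the vulnerability by submitting specially crafted requests to manipulate or retrieve database data. 0 Netvolution 3.0 No detailed solution is currently available: http://www.netvolution.net sqlmap output: Place: Get Parameter: m Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause...

7.1 AI score
Exploits 0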
NVD
added 2013/09/16 1:2 p.m., 19 views

CVE-2013-4313

Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string...

7.5 CVSS, 7.3 AI score, 0.00366 EPSS
Exploits 0, References 2
Prion
added 2013/09/16 1:2 p.m., 22 views

SQL injection

Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string...

7.5 CVSS, 8.1 AI score, 0.00366 EPSS
Exploits 0, References 2, Affected Software 1
UbuntuCve
added 2013/09/16 1:2 p.m., 26 views

CVE-2013-4313

Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string...

7.5 CVSS, 6 AI score, 0.00366 EPSS
Exploits 0, References 3
Cvelist
added 2013/09/16 10:0 a.m., 25 views

CVE-2013-4313

Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string...

7.3 AI score, 0.00366 EPSS
Exploits 0, References 2
CVE
added 2013/09/16 10:0 a.m., 57 views

CVE-2013-4313

The CVE-2013-4313 issue affects Moodle up to versions 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2, where the application does not neutralize null bytes ('\0') in query strings. This can enable remote attackers to perform SQL injection against Microsoft SQL Server via a ...

7.5 CVSS, 7.5 AI score, 0.00366 EPSS
Exploits 0, References 2, Affected Software 1
Tenable Nessus
added 2013/07/04 12:0 a.m., 663 views

Microsoft SQL Server STARTTLS Support

The remote Microsoft SQL Server service supports the use of encryption initiated during pre-login to switch from a cleartext to an encrypted communications channel. TRUSTED...

5.8 AI score
Exploits 0, References 1
Tenable Nessus
added 2013/02/21 12:0 a.m., 3298 views

Microsoft SQL Server Unsupported Version Detection

According to its self-reported version number, the installation of Microsoft SQL Server on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities...

5.8 AI score
Exploits 0, References 1
Exploit DB
added 2012/12/25 12:0 a.m., 59 views

Microsoft SQL Server - Database Link Crawling Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require...

7.4 AI score
Exploits 0
Kitploit
added 2012/12/24 6:23 p.m., 11 views

[SQL Fingerprint] Christmas Release

Microsoft SQL Server fingerprinting can be a time-consuming process, because it involves trial and error methods to determine the exact version. Intentionally inserting an invalid input to obtain a typical error message or using certain alphabets that are unique to certain servers are two of the...

7.8 AI score
Exploits 0
Packet Storm
added 2012/12/24 12:0 a.m., 29 views

Microsoft SQL Server Database Link Crawling Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require...

Exploits 0
Metasploit
added 2012/10/16 7:26 p.m., 47 views

Microsoft SQL Server SQLi NTLM Stealer

This module can be used to help capture or relay the LM/NTLM credentials of the account running the remote SQL Server service. The module will use the SQL injection from GETPATH to connect to the target SQL Server instance and execute the native "xp_dirtree" or stored procedure. The stored...

8.3 AI score
Exploits 0
OpenVAS
added 2012/10/10 12:0 a.m., 34 views

Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)

This host has important security update missing according to Microsoft Bulletin MS12-070. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3 CVSS, 5 AI score, 0.44363 EPSS
Exploits 0, References 4
securityvulns
added 2012/10/10 12:0 a.m., 35 views

Microsoft SQL Server cross-site scripting

SQL Server Report Manager cross-site scripting...

4.3 CVSS, 1.2 AI score, 0.44363 EPSS
Exploits 0, Affected Software 1
OpenVAS
added 2012/10/10 12:0 a.m., 23 views

Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)

This host has important security update missing according to Microsoft Bulletin MS12-070. OpenVAS Vulnerability Test $Id: secpodms12-070.nasl 5346 2017-02-19 08:43:11Z cfi $ Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability 2754849 Authors: Rachana Shetty Copyright: Copyright...

4.3 CVSS, 6.5 AI score, 0.44363 EPSS
Exploits 0, References 4