
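Vulnerability Summary

Bug ID: wooyun-2014-068514

Title: SQL injection on the main site of 中山声屏网

Vendor: 中山声屏网

Author: sutdy

Submitted: 2014-07-16 16:15

Fix time: 2014-08-30 16:18

Publicly disclosed: 2014-08-30 16:18

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: Unable to contact the vendor, or the vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]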



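Vulnerability Details

Disclosure status:

2014-07-16: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2014-08-30: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

Detailed description:

There seem to be two of them; I only ran one.
http://www.zsbtv.com.cn/Comment/Comments4.aspx?contentid=10436
The other: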
http://www.zsbtv.com.cn/Comment/Comments.aspx?contentid=10150
Database: CMS
[4 tables]
+---------------------------------------------------------+
| dbo.t_BH_ClickNum |
| dbo.t_BH_CommonModel |
| dbo.t_BH_Content_NeiRong |
| dbo.t_BH_contentComments |
+---------------------------------------------------------+
Database: msdb
[9 tables]
+---------------------------------------------------------+
| dbo.backupfile |
| dbo.backupmediafamily |
| dbo.backupmediaset |
| dbo.backupset |
| dbo.logmarkhistory |
| dbo.restorefile |
| dbo.restorefilegroup |
| dbo.restorehistory |
| dbo.suspect_pages |
+---------------------------------------------------------+

Proof of vulnerability:

QQ截图20140714210422.jpg


QQ截图20140714213108.jpg

Remediation:

You know what to do!!!

Copyright notice: when reposting, please credit the source sutdy@乌云


Vulnerability Response

Vendor response:

Unable to contact the vendor, or the vendor actively refused