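2015-03-23: Details reported to the vendor; awaiting vendor handling
2015-03-27: Vendor confirmed; details disclosed to the vendor only
2015-03-30: Details opened to third-party security partners
2015-05-21: Details disclosed to core white hats and experts in related fields
2015-05-31: Details disclosed to regular white hats
2015-06-10: Details disclosed to intern white hats
2015-06-25: Details disclosed to the public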
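There is a prior report (note that this one differs from the earlier submission):
WooYun: Universal SQL injection in a certain network office automation system
The page is the same one the earlier reporter described, but the earlier report covered a GET injection; I found that the search function on this page is injectable as well. The SQL injection point in this report:
/mainpage/articleclasslist.aspx?classid=1
POST injection parameter: ctl00%24ContentPlaceHolder1%24Uc_article_list1%24TextBox1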
Five cases collected automatically from the Internet:
[The following are POST injections in the search function, not GET injections]
http://59.55.33.137:8040/mainpage/articleclasslist.aspx?classid=1
http://oa.jxgxedu.gov.cn/mainpage/articleclasslist.aspx?classid=11
http://www.gznoa.com/mainpage/articleclasslist.aspx?classid=1
http://218.87.140.106/mainpage/articleclasslist.aspx?classid=1
http://59.55.33.137:8010/mainpage/articleclasslist.aspx?classid=1
I tested only two of the cases:
1.
POST /mainpage/articleclasslist.aspx?classid=11 HTTP/1.1
Host: **.****.**.cn
Proxy-Connection: keep-alive
Content-Length: 1991
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://**.*****.***.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://**.****.**.cn/mainpage/articleclasslist.aspx?classid=11
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: ASP.NET_SessionId=cznsh5fvpj1xhp2kum1xna45

__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUIMzM5NTU5NDgPZBYCZg9kFgICAw9kFgICAQ9kFgQCAQ9kFgJmDzwrAAsBAA8WCB4IRGF0YUtleXMWAB4LXyFJdGVtQ291bnQCBR4JUGFnZUNvdW50AgEeFV8hRGF0YVNvdXJjZUl0ZW1Db3VudAIFZBYCZg9kFgoCAQ9kFgJmD2QWAmYPFQIArgE8aW1nIGJvcmRlcj0nMCcgc3JjPScuLi9pbWFnZXMvYXJ0aWNsZS9hcnJvdzQuZ2lmJz4mbmJzcDs8QSB0YXJnZXQ9J19ibGFuaycgIGhyZWY9Jy4uL21haW5wYWdlL2FydGljbGVjbGFzc2xpc3QuYXNweD9jbGFzc2lkPTEwJz48Zm9udCBjb2xvcj0nIzMzMzMzMyc%2B5Y2V5L2N566A5LuLPC9mb250PjwvYT5kAgIPZBYCZg9kFgJmDxUCAK4BPGltZyBib3JkZXI9JzAnIHNyYz0nLi4vaW1hZ2VzL2FydGljbGUvYXJyb3c0LmdpZic%2BJm5ic3A7PEEgdGFyZ2V0PSdfYmxhbmsnICBocmVmPScuLi9tYWlucGFnZS9hcnRpY2xlY2xhc3NsaXN0LmFzcHg%2FY2xhc3NpZD0xMSc%2BPGZvbnQgY29sb3I9JyMzMzMzMzMnPue7hOe7h%2BaetuaehDwvZm9udD48L2E%2BZAIDD2QWAmYPZBYCZg8VAgCuATxpbWcgYm9yZGVyPScwJyBzcmM9Jy4uL2ltYWdlcy9hcnRpY2xlL2Fycm93NC5naWYnPiZuYnNwOzxBIHRhcmdldD0nX2JsYW5rJyAgaHJlZj0nLi4vbWFpbnBhZ2UvYXJ0aWNsZWNsYXNzbGlzdC5hc3B4P2NsYXNzaWQ9MTInPjxmb250IGNvbG9yPScjMzMzMzMzJz7ojaPoqonmrr%2FloII8L2ZvbnQ%2BPC9hPmQCBA9kFgJmD2QWAmYPFQIAqwE8aW1nIGJvcmRlcj0nMCcgc3JjPScuLi9pbWFnZXMvYXJ0aWNsZS9hcnJvdzQuZ2lmJz4mbmJzcDs8QSB0YXJnZXQ9J19ibGFuaycgIGhyZWY9Jy4uL21haW5wYWdlL2FydGljbGVjbGFzc2xpc3QuYXNweD9jbGFzc2lkPTEzJz48Zm9udCBjb2xvcj0nIzMzMzMzMyc%2B5aSn5LqL6K6wPC9mb250PjwvYT5kAgUPZBYCZg9kFgJmDxUCAK4BPGltZyBib3JkZXI9JzAnIHNyYz0nLi4vaW1hZ2VzL2FydGljbGUvYXJyb3c0LmdpZic%2BJm5ic3A7PEEgdGFyZ2V0PSdfYmxhbmsnICBocmVmPScuLi9tYWlucGFnZS9hcnRpY2xlY2xhc3NsaXN0LmFzcHg%2FY2xhc3NpZD0xNCc%2BPGZvbnQgY29sb3I9JyMzMzMzMzMnPuWPi%2BaDhemTvuaOpTwvZm9udD48L2E%2BZAIDD2QWBGYPDxYCHgRUZXh0BTrlvZPliY3kvY3nva7vvJog5L%2Bh5oGv6Zeo5oi3LS0%2B5Y2V5L2N5L%2Bh5oGvLS0%2B57uE57uH5p625p6EZGQCBA88KwALAQAPFggfABYAHwFmHwICAR8DZmRkZCITHfdEQYH3niH6bRqVXRiBl6rR&__EVENTVALIDATION=%2FwEWBALd5%2FemAgKKmILXBALa6q6fAQK0q4zhDFpUvXMonj97QMq0upXofc0AAF40&ctl00%24ContentPlaceHolder1%24Uc_article_list1%24HiddenField1=&ctl00%24ContentPlaceHolder1%24Uc_article_list1%24TextBox1=aaa&ctl00%24ContentPlaceHolder1%24Uc_article_list1%24Submit1=%E6%9F%A5%E8%AF%A2
2.
POST /mainpage/articleclasslist.aspx?classid=1 HTTP/1.1
Host: ****.*****.com
Proxy-Connection: keep-alive
Content-Length: 664
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://****.*****.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://***.****.com/mainpage/articleclasslist.aspx?classid=1
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: ASP.NET_SessionId=5v1dd255ws0rnh45ugoeih45

__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUIMzM5NTU5NDgPZBYCZg9kFgICAw9kFgICAQ9kFgQCAQ9kFgJmDzwrAAsBAA8WCB4IRGF0YUtleXMWAB4LXyFJdGVtQ291bnRmHglQYWdlQ291bnQCAR4VXyFEYXRhU291cmNlSXRlbUNvdW50ZmRkAgMPZBYEZg8PFgIeBFRleHQFHOW9k%2BWJjeS9jee9ru%2B8miDkv6Hmga%2Fpl6jmiLdkZAIEDzwrAAsBAA8WCB8AFgAfAWYfAgIBHwNmZGRklOoQ%2FBOFHluLNa%2FCkVJBO0rfAMk%3D&__VIEWSTATEGENERATOR=BD8CA00D&__EVENTVALIDATION=%2FwEWBAL22uvgDQKKmILXBALa6q6fAQK0q4zhDNnJp%2BKvcA3FmFcLFyTZuh61cjN4&ctl00%24ContentPlaceHolder1%24Uc_article_list1%24HiddenField1=&ctl00%24ContentPlaceHolder1%24Uc_article_list1%24TextBox1=xxx&ctl00%24ContentPlaceHolder1%24Uc_article_list1%24Submit1=%E6%9F%A5%E8%AF%A2
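The server-side fix for this class of bug, as an added example that is not code from the affected product or from the original report: the search keyword posted in the TextBox1 field and the classid query value are bound as typed parameters instead of being concatenated into the SQL text. The class name, the table and column names (Article, Title, ClassId) and the SQL Server backend are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical data-access helper for a WebForms article search box.
// Article, Title and ClassId are assumed names, not taken from the product.
public static class ArticleSearch
{
    // Vulnerable pattern (assumed, typical of this bug class): the posted
    // keyword is concatenated into the statement, so a quote character in
    // the search box ends the string literal and the rest is parsed as SQL.
    public static string BuildUnsafe(string keyword, string classId)
    {
        return "SELECT Id, Title FROM Article WHERE ClassId = " + classId +
               " AND Title LIKE '%" + keyword + "%'";
    }

    // Escape LIKE metacharacters so the keyword is matched literally.
    public static string EscapeLike(string s)
    {
        return s.Replace("\\", "\\\\").Replace("%", "\\%")
                .Replace("_", "\\_").Replace("[", "\\[");
    }

    // Hardened form: both inputs travel as typed parameters and never
    // become part of the SQL text, whether they arrive by GET or by POST.
    public static DataTable Search(string connStr, string keyword, string classIdRaw)
    {
        int classId;
        if (!int.TryParse(classIdRaw, out classId))
            throw new ArgumentException("classid must be an integer");
        if (keyword == null) keyword = "";
        if (keyword.Length > 100) keyword = keyword.Substring(0, 100);

        const string sql =
            "SELECT Id, Title FROM Article " +
            "WHERE ClassId = @classId AND Title LIKE @pattern ESCAPE '\\'";

        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@classId", SqlDbType.Int).Value = classId;
            cmd.Parameters.Add("@pattern", SqlDbType.NVarChar, 210).Value =
                "%" + EscapeLike(keyword) + "%";
            var table = new DataTable();
            using (var da = new SqlDataAdapter(cmd)) da.Fill(table);
            return table;
        }
    }
}
```

Because the earlier report covered the GET parameter on the same page and this one covers the POST search field, every query built from request data on the page needs the same treatment, not only the parameter named in a given report.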
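Severity: High
Vulnerability Rank: 12
Confirmed: 2015-03-27 14:27
CNVD confirmed and reproduced the reported behavior and has passed the case to CNCERT for delivery to its Jiangxi branch center, which will coordinate follow-up handling with the organizations that operate the sites.
None at this time.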