乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-21: 细节已通知厂商并且等待厂商处理中 2015-10-23: 厂商已经确认,细节仅向厂商公开 2015-11-02: 细节向核心白帽子及相关领域专家公开 2015-11-12: 细节向普通白帽子公开 2015-11-22: 细节向实习白帽子公开 2015-12-07: 细节向公众公开
.
漏洞地址:http://**.**.**.**:188/default.aspsql注入地址: http://**.**.**.**:188/too1/getpwd.asp?user=admin
数据库信息
available databases [9]:[*] CarDB[*] CarTmp[*] master[*] model[*] msdb[*] NongC[*] Northwind[*] pubs[*] tempdb
数据表 驾驶员信息35W 其他信息 100W 还有其他库...
Database: NongC+---------------------------------+---------+| Table | Entries |+---------------------------------+---------+| dbo.DoLog201505 | 1405414 || dbo.SqlLog | 1104451 || dbo.DoLog | 801800 || dbo.View_UserRights | 412641 || dbo.DL_JBTZ_JDCMDB | 383125 || dbo.View_DL_JBTZ_JDCMDB | 383125 || dbo.DL_JBTZ_JDCMDB_ShangB | 370958 || dbo.DL_JBTZ_JDCMDB_ShenH | 370878 || dbo.DL_JBTZ_JSYTJB | 348828 || dbo.View_DL_JBTZ_JSYTJB | 348828 || dbo.DL_JBTZ_JSYTJB_ShangB | 346314 || dbo.DL_JBTZ_JSYTJB_ShenH | 346291 || dbo.KaoH_Result | 250230 || dbo.ZR_SqlIn | 182205 || dbo.DL_DTGL_JAB_GZRZ_RenY | 164440 || dbo.DL_Files_New_DTGL | 162487 || dbo.DL_DTGL_JAB_QWAP_RenY | 145022 || dbo.DL_DTGL_JAB_JW | 136521 || dbo.View_DL_DTGL_JAB_JW | 136521 || dbo.DL_DTGL_JAB_JW_ShangB | 134910 || dbo.DL_DTGL_JAB_JW_ShenH | 134867 || dbo.View_KaoH_Result | 130104 || dbo.DL_DTGL_JAB_GZRZ_DaoL | 96496 || dbo.DL_DTGL_JAB_QWAP_DaoL | 84240 || dbo.Log | 60317 || dbo.YuJ_GaoJ | 53087 || dbo.View_YuJ_GaoJ | 52875 || dbo.View_DL_DTGL_JAB_GZRZ_All | 38272 || dbo.YuJ_GaoJ2014 | 37389 || dbo.DL_DTGL_JAB_GZRZ | 36189 || dbo.View_DL_DTGL_JAB_GZRZ | 36189 || dbo.DL_DTGL_JAB_GZRZ_ShangB | 35877 || dbo.DL_DTGL_JAB_GZRZ_ShenH | 35851 || dbo.View_YuJ_ZhengG | 32613 || dbo.DL_DTGL_JAB_QWAP | 31561 || dbo.View_DL_DTGL_JAB_QWAP | 31561 || dbo.DL_DTGL_JAB_QWAP_ShangB | 31249 || dbo.DL_DTGL_JAB_QWAP_ShenH | 31229 || dbo.DL_DTGL_YHPCZZ_JinD | 21268 || dbo.View_DL_DTGL_YHPCZZ_JinD | 21268 || dbo.DL_DTGL_XZZF_GZRZ_RenY | 16873 || dbo.DL_JBTZ_DLQKTJB | 16090 || dbo.View_DL_JBTZ_DLQKTJB | 16090 || dbo.DL_JBTZ_DLQKTJB_ShangB | 15479 || dbo.DL_JBTZ_DLQKTJB_ShenH | 15375 || dbo.DL_DTGL_XZZF_QWAP_RenY | 14762 || dbo.DL_Files_New_JBTZ | 14271 || dbo.YuJ_GaoJ141011 | 13502 || dbo.DL_DTGL_QDZ_GZHZ | 12746 || dbo.View_DL_DTGL_QDZ_GZHZ | 12746 || dbo.DL_DTGL_XCJY_NeiR | 12545 || dbo.DL_DTGL_QDZ_GZHZ_ShenH | 12500 || dbo.DL_DTGL_QDZ_GZHZ_ShangB | 12495 || dbo.DL_DTGL_XZZF_GZRZ_DaoL | 9669 || dbo.YuJ_CanS_TS | 9632 || dbo.DL_DTGL_XCJY | 8489 || dbo.View_DL_DTGL_XCJY | 8489 || dbo.DL_DTGL_XCJY_ShangB | 8418 || dbo.DL_DTGL_XCJY_ShenH | 8408 || dbo.DL_DTGL_XZZF_QWAP_DaoL | 8330 || dbo.DL_DW | 5344 || dbo.View_DL_DW_All | 5344 || dbo.View_DL_DW_Tree | 5344 || dbo.DL_Files_New | 4553 || dbo.View_DL_ZhiD_ToDept | 4436 || dbo.DL_DTGL_YHPCZZ | 4236 || dbo.View_DL_DTGL_YHPCZZ | 4236 || dbo.DL_DTGL_YHPCZZ_ShangB | 4195 || dbo.DL_DTGL_YHPCZZ_ShenH | 4183 || dbo.View_DL_DTGL_XZZF_GZRZ_All | 4130 || dbo.DL_ZhiD_DW_ToDept | 3926 || dbo.View_DL_ZhiD_DW_ToDept | 3868 || dbo.DL_DW_RYGL | 3777 || dbo.View_DL_DW_RYGL | 3777 || dbo.DL_DTGL_XZZF_GZRZ | 3713 || dbo.View_DL_DTGL_XZZF_GZRZ | 3713 || dbo.DL_DTGL_XZZF_GZRZ_ShangB | 3685 || dbo.DL_DW_RYGL_ShenH | 3681 || dbo.DL_DTGL_XZZF_GZRZ_ShenH | 3679 || dbo.DL_DW_RYGL_ShangB | 3677 || dbo.DL_DTGL_AQLH | 3649 || dbo.View_DL_DTGL_AQLH | 3649 || dbo.DL_DTGL_AQLH_ShangB | 3607 || dbo.DL_DTGL_AQLH_ShenH | 3607 || dbo.DL_ZhiD_DW | 3517 || dbo.View_DL_ZhiD_DW | 3517 || dbo.DL_DTGL_XZZF_JW | 3192 || dbo.View_DL_DTGL_XZZF_JW | 3192 || dbo.DL_DTGL_XZZF_QWAP | 3186 || dbo.View_DL_DTGL_XZZF_QWAP | 3186 || dbo.DL_DTGL_XZZF_QWAP_ShangB | 3177 || dbo.DL_DTGL_XZZF_QWAP_ShenH | 3163 || dbo.DL_DTGL_XZZF_JW_ShangB | 3099 || dbo.DL_DTGL_XZZF_JW_ShenH | 3099 || dbo.View_DL_DTGL_QDZ_GZRZ_All | 3053 || dbo.DL_DTGL_QDZ_QWAP | 2831 || dbo.View_DL_DTGL_QDZ_QWAP | 2831 || dbo.DL_DTGL_QDZ_QWAP_ShangB | 2816 || dbo.DL_DTGL_QDZ_QWAP_ShenH | 2816 || dbo.DL_DTGL_QDZ_GZRZ | 2634 || dbo.View_DL_DTGL_QDZ_GZRZ | 2634 || dbo.DL_DTGL_QDZ_GZRZ_ShangB | 2633 || dbo.DL_DTGL_QDZ_GZRZ_ShenH | 2631 || dbo.KaoH_ResultLast | 2560 || dbo.View_KaoH_ResultLast | 2556 || dbo.YuJ_GaoJ140519_2 | 2290 || dbo.DL_JBTZ_JDCMDB_Del | 2053 || dbo.ROLE_Module | 2050 || dbo.DL_JBTZ_QDZJSB | 1990 || dbo.View_DL_JBTZ_QDZJSB | 1990 || dbo.DL_JBTZ_QDZJSB_ShangB | 1953 || dbo.DL_JBTZ_QDZJSB_ShenH | 1910 || dbo.DL_JBTZ_JSYTJB_Del | 1815 || dbo.APater | 1723 || dbo.DL_DTGL_LXHY | 1645 || dbo.View_DL_DTGL_LXHY | 1645 || dbo.DL_JBTZ_JDCMDB_WuPZ | 1628 || dbo.View_DL_JBTZ_JDCMDB_WuPZ | 1628 || dbo.DL_JBTZ_JDCMDB_WuPZ_ShangB | 1618 || dbo.DL_JBTZ_JDCMDB_WuPZ_ShenH | 1618 || dbo.DL_DTGL_LXHY_ShangB | 1612 || dbo.DL_DTGL_LXHY_ShenH | 1604 || dbo.Users_Role | 1490 || dbo.DL_Files_New_YuJ | 1419 || dbo.View_DL_DW_All2 | 1412 || dbo.Users | 1367 || dbo.View_Users | 1355 || dbo.OutDataList | 1221 || dbo.Send_SMS | 1221 || dbo.DL_DTGL_PCS_QWAP_RenY | 1168 || dbo.DL_DTGL_PCS_GZRZ_RenY | 1127 || dbo.sysconstraints | 1050 || dbo.SMS_GuanJZ | 1040 || dbo.XingZC | 1034 || dbo.YuJ_GaoJ140519_3 | 1000 || dbo.DL_JBTZ_QDZJHB_XZC | 992 || dbo.SMS_Num | 973 || dbo.View_DL_DW_BuM | 933 || dbo.SYS_Module | 855 || dbo.view_dl_dw_all1 | 836 || dbo.DL_JBTZ_JDCMDB_DL | 811 || dbo.DL_JBTZ_DLQKTJB_Del | 800 || dbo.DL_DTGL_PCS_QWAP_DaoL | 725 || dbo.DL_DTGL_PCS_GZRZ_DaoL | 720 || dbo.DL_ZhiD_DW_FW_ToDept | 655 || dbo.DL_DTGL_JAB_GZRZ_Del | 595 || dbo.DL_DTGL_PCS_JW | 569 || dbo.View_DL_DTGL_PCS_JW | 569 || dbo.View_DL_ZhiD_DW_FW_ToDept | 568 || dbo.DL_DTGL_PCS_JW_ShangB | 565 || dbo.DL_DTGL_PCS_JW_ShenH | 564 || dbo.DL_DW_RYGL_Del | 523 || dbo.DL_DTGL_GXDDD_RenY | 487 || dbo.DL_DTGL_JAB_QWAP_Del | 447 || dbo.View_DL_DW_XiangZ | 438 || dbo.DL_ZhiD_DW_FW | 417 || dbo.View_DL_ZhiD_DW_FW | 417 || dbo.YuJ_GaoJ140519 | 396 || dbo.GongGao_TX | 365 || dbo.DL_Files_New_RYGL | 345 || dbo.XingM | 327 || dbo.DL_DTGL_PCS_QWAP | 318 || dbo.View_DL_DTGL_PCS_QWAP | 318 || dbo.View_DL_DTGL_PCS_GZRZ_All | 317 || dbo.DL_JBTZ_JDCMDB140819 | 314 || dbo.DL_DTGL_PCS_QWAP_ShangB | 309 || dbo.DL_DTGL_PCS_QWAP_ShenH | 308 || dbo.DL_DTGL_PCS_GZRZ | 306 || dbo.View_DL_DTGL_PCS_GZRZ | 306 || dbo.DL_JBTZ_JDCMDB_ShangB140819 | 304 || dbo.DL_JBTZ_JDCMDB_ShenH140819 | 304 || dbo.DL_DTGL_PCS_GZRZ_ShangB | 302 || dbo.DL_DTGL_PCS_GZRZ_ShenH | 301 || dbo.YuJ_GaoJ140519_4 | 268 || dbo.DL_DTGL_JAB_JW_Del | 260 || dbo.DL_JBTZ_QDZJSB_Del | 233 || dbo.Item | 226 || dbo.DL_JBTZ_QDZJHB | 225 || dbo.View_DL_JBTZ_QDZJHB | 225 || dbo.DL_JBTZ_QDZJHB_ShangB | 213 || dbo.DL_JBTZ_QDZJHB_ShenH | 206 || dbo.DL_DW_RYGL140519 | 169 || dbo.SYS_Code | 157 || dbo.DL_DTGL_GXDDD | 150 || dbo.View_DL_DTGL_GXDDD | 150 || dbo.DL_DTGL_GXDDD_ShangB | 148 || dbo.DL_DTGL_GXDDD_ShenH | 147 || dbo.tmp_qux | 146 || dbo.DL_ZhiD_MuB | 127 || dbo.View_DL_ZhiD_MuB | 127 || dbo.DL_Files_New_DJ | 125 || dbo.YuJ_CanS | 106 || dbo.DL_DJ_BDJ_ShangB | 105 || dbo.DL_DTGL_YHPCZZ_Del | 94 || dbo.DL_DJ_BDJ | 92 || dbo.View_DL_DJ_BDJ | 92 || dbo.GongGao_REPLY | 84 || dbo.DL_ZhiD_MuB_DWLB | 83 || dbo.Addr | 82 || dbo.Send_SMS_Err | 81 || dbo.yuj_gaoj140513 | 81 || dbo.YuJ_GuiZ | 73 || dbo.ItemConst | 66 || dbo.DL_DTGL_XZZF_GZRZ_Del | 62 || dbo.DL_DTGL_QDZ_GZHZ_Del | 61 || dbo.DL_DTGL_BDD | 53 || dbo.DL_ZhiBS | 53 || dbo.View_DL_DTGL_BDD | 53 || dbo.DL_DJ_BDJ_ShenH | 52 || dbo.DL_DTGL_BDD_ShangB | 52 || dbo.DL_DTGL_BDD_ShenH | 49 || dbo.DL_DTGL_XCJY_Del | 43 || dbo.DL_DTGL_XZZF_QWAP_Del | 43 || dbo.Question | 41 || dbo.View_DL_DW_QuX | 41 || dbo.DL_DTGL_LXHY_Del | 37 || dbo.SMS_ZT | 30 || dbo.TName_NoDel | 30 || dbo.DL_DTGL_AQLH_Del | 29 || dbo.KaoH_List | 28 || dbo.DL_JBTZ_QDZJHB_Del | 27 || dbo.YuJ_JiCTZ | 27 || dbo.DL_DTGL_XZZF_JW_Del | 26 || dbo.YuJ_CanS_Zhou | 24 || dbo.Files | 23 || dbo.LoginErr | 23 || dbo.GongGao | 22 || dbo.DL_DJ | 17 || dbo.View_DL_DJ | 17 || dbo.DL_DJ_ShangB | 16 || dbo.DL_DJ_ShenH | 16 || dbo.DL_DTGL_QDZ_QWAP_Del | 15 || dbo.DL_ZhiB | 14 || dbo.ROLES | 13 || dbo.Temp_SMS | 10 || dbo.DL_DTGL_QDZ_GZRZ_Del | 5 || dbo.Calendar | 4 || dbo.DL_DJ_BDJ_Del | 4 || dbo.DL_DW_DaQ | 4 || dbo.DL_JBTZ_JDCMDB_WuPZ_Del | 4 || dbo.LoginIP | 4 || dbo.DL_DTGL_PCS_QWAP_Del | 3 || dbo.GongGao_FanK_Reply | 3 || dbo.JXT_Phone | 3 || dbo.syssegments | 3 || dbo.GG | 2 || dbo.GG150705 | 2 || dbo.DL_DJ_Del | 1 || dbo.DL_DTGL_BDD_Del | 1 || dbo.DL_DTGL_GXDDD_Del | 1 || dbo.DL_DTGL_PCS_GZRZ_Del | 1 || dbo.GongGao_FanK | 1 || dbo.Proj | 1 || dbo.ZR_config | 1 |+---------------------------------+---------+
解出账号密码 :1021001 --- 72210582
成功获取到shell
而且是system权限 直接添加用户进服务器 大量的备份文件 和 数据信息泄露
数据和备份文件 都是 实时同步的
0.0
危害等级:高
漏洞Rank:10
确认时间:2015-10-23 10:48
CNVD确认并复现所述漏洞情况,已经转由CNCERT下发对应分中心,由其后续协调网站管理单位处置。
暂无